How to control remote computer management
From: Dave W. (DaveW_at_discussions.microsoft.com)
Date: 07/27/04
- Next message: Robby Saputra: "W2K3 Crash Repeatedly"
- Previous message: Kurt: "Windows 2003 Server Log-in screen scrambled."
- Next in thread: Jeffrey Randow (MVP): "Re: How to control remote computer management"
- Reply: Jeffrey Randow (MVP): "Re: How to control remote computer management"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 27 Jul 2004 09:21:15 -0700
We use a Windows 2003 DC and have found that all of our users can choose the "Manage" on "My Computer" and then choose the domain controller PC as the PC to manage. They can then add shares, shut down services, etc. which defeats all the security.
How can I prevent users from specifying another computer name in the computer management console snap-in and/or how do I restrict a computer from allowing only specific users to connect?
If we turn off file and printer sharing, all shares that are meant to be available stop working so we need to keep that feature on. All of our developers do have admin account rights to uninstall/reinstall applications that they are developing so we cannot restrict them that way.
Is there simply a way to apply an ACL or some other security measure to the DC? Note that each user can only log into their own PC which I thought would block their access but this does not prevent them from accessing the server either.
Any help would be greatly appreciated.
- Next message: Robby Saputra: "W2K3 Crash Repeatedly"
- Previous message: Kurt: "Windows 2003 Server Log-in screen scrambled."
- Next in thread: Jeffrey Randow (MVP): "Re: How to control remote computer management"
- Reply: Jeffrey Randow (MVP): "Re: How to control remote computer management"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
