Re: Can RWW logins be restricted wthout affecting LAN logins?
- From: "Gregg Hill" <bogus@xxxxxxxxxxx>
- Date: Tue, 23 Aug 2005 18:38:17 -0700
Charles,
"As I know, you want to add a user to allow him only logon to the client
computer that belongs to him."
You are close! I want exactly what you describe "...allow him only logon to
the client computer that belongs to him" from a remote RWW connection, but
still able to log on to any LAN workstation when working in the office.
When you say "...I mean when you configure the policy I mentioned", do you
mean that this is done with a GPO?
Gregg Hill
""Charles Yang [MSFT]"" <v-chayan@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:S%23TzyVEqFHA.472@xxxxxxxxxxxxxxxxxxxxxxxx
> HI George,
>
> I am sorry for not clear the issue, I means when you configure the policy
> I
> mentioned, you will be asked to add the users you want to deny logon to
> this client computer through terminal services, you can add the users you
> do not want to logon to this client computer one by one.
>
> As I know, you want to add a user to allow him only logon to the client
> computer that belongs to him.
>
> Thanks for your efforts.
>
>
>
> Best regards,
>
> Charles Yang (MSFT)
>
> Microsoft CSS Online Newsgroup Support
>
> Get Secure! - www.microsoft.com/security
>
> ======================================================
> This newsgroup only focuses on SBS technical issues. If you have issues
> regarding other Microsoft products, you'd better post in the corresponding
> newsgroups so that they can be resolved in an efficient and timely manner.
> You can locate the newsgroup here:
> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>
> When opening a new thread via the web interface, we recommend you check
> the
> "Notify me of replies" box to receive e-mail notifications when there are
> any updates in your thread. When responding to posts via your newsreader,
> please "Reply to Group" so that others may learn and benefit from your
> issue.
>
> Microsoft engineers can only focus on one issue per thread. Although we
> provide other information for your reference, we recommend you post
> different incidents in different threads to keep the thread clean. In
> doing
> so, it will ensure your issues are resolved in a timely manner.
>
> For urgent issues, you may want to contact Microsoft CSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> Any input or comments in this thread are highly appreciated.
> ======================================================
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
>
> =====================================================
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> =====================================================
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
> --------------------
> | Reply-To: "Gregg Hill" <bogus@xxxxxxxxxxx>
> | From: "Gregg Hill" <bogus@xxxxxxxxxxx>
> | References: <OOcXK52pFHA.712@xxxxxxxxxxxxxxxxxxxx>
> <fvs6xS5pFHA.1204@xxxxxxxxxxxxxxxxxxxxx>
> <unTIva6pFHA.3064@xxxxxxxxxxxxxxxxxxxx>
> <Jet3e16pFHA.2928@xxxxxxxxxxxxxxxxxxxxx>
> | Subject: Re: Can RWW logins be restricted wthout affecting LAN logins?
> | Date: Tue, 23 Aug 2005 11:20:46 -0700
> | Lines: 257
> | X-Priority: 3
> | X-MSMail-Priority: Normal
> | X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
> | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
> | X-RFC2646: Format=Flowed; Original
> | Message-ID: <u#lCj9AqFHA.1336@xxxxxxxxxxxxxxxxxxxx>
> | Newsgroups: microsoft.public.windows.server.sbs
> | NNTP-Posting-Host: rrcs-67-52-120-182.west.biz.rr.com 67.52.120.182
> | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP11.phx.gbl
> | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:147079
> | X-Tomcat-NG: microsoft.public.windows.server.sbs
> |
> | Charles,
> |
> | You said to "...just add the user you want to deny to the list...." What
> | list?
> |
> | Gregg Hill
> |
> |
> | ""Charles Yang [MSFT]"" <v-chayan@xxxxxxxxxxxxxxxxxxxx> wrote in message
> | news:Jet3e16pFHA.2928@xxxxxxxxxxxxxxxxxxxxxxxx
> | > HI,
> | >
> | > I am sorry for not clear the issue, you can just add the user you want
> to
> | > deny to the list, then the client computer will only be allowed to
> logon
> | > by
> | > special user.
> | >
> | > Hope this clear your issue, as I know we did not have any quick way to
> do
> | > that, in this way you can also logon the client computer locally
> without
> | > any problem.
> | >
> | > Thanks for effort.
> | >
> | >
> | >
> | > Best regards,
> | >
> | > Charles Yang (MSFT)
> | >
> | > Microsoft CSS Online Newsgroup Support
> | >
> | > Get Secure! - www.microsoft.com/security
> | >
> | > ======================================================
> | > This newsgroup only focuses on SBS technical issues. If you have
> issues
> | > regarding other Microsoft products, you'd better post in the
> corresponding
> | > newsgroups so that they can be resolved in an efficient and timely
> manner.
> | > You can locate the newsgroup here:
> | > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
> | >
> | > When opening a new thread via the web interface, we recommend you
> check
> | > the
> | > "Notify me of replies" box to receive e-mail notifications when there
> are
> | > any updates in your thread. When responding to posts via your
> newsreader,
> | > please "Reply to Group" so that others may learn and benefit from your
> | > issue.
> | >
> | > Microsoft engineers can only focus on one issue per thread. Although
> we
> | > provide other information for your reference, we recommend you post
> | > different incidents in different threads to keep the thread clean. In
> | > doing
> | > so, it will ensure your issues are resolved in a timely manner.
> | >
> | > For urgent issues, you may want to contact Microsoft CSS directly.
> Please
> | > check http://support.microsoft.com for regional support phone numbers.
> | >
> | > Any input or comments in this thread are highly appreciated.
> | > ======================================================
> | > This posting is provided "AS IS" with no warranties, and confers no
> | > rights.
> | >
> | >
> | > =====================================================
> | > When responding to posts, please "Reply to Group" via your newsreader
> so
> | > that others may learn and benefit from your issue.
> | > =====================================================
> | >
> | > This posting is provided "AS IS" with no warranties, and confers no
> | > rights.
> | >
> | > --------------------
> | > | Reply-To: "Gregg Hill" <bogus@xxxxxxxxxxx>
> | > | From: "Gregg Hill" <bogus@xxxxxxxxxxx>
> | > | References: <OOcXK52pFHA.712@xxxxxxxxxxxxxxxxxxxx>
> | > <fvs6xS5pFHA.1204@xxxxxxxxxxxxxxxxxxxxx>
> | > | Subject: Re: Can RWW logins be restricted wthout affecting LAN
> logins?
> | > | Date: Mon, 22 Aug 2005 22:51:17 -0700
> | > | Lines: 137
> | > | X-Priority: 3
> | > | X-MSMail-Priority: Normal
> | > | X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
> | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
> | > | X-RFC2646: Format=Flowed; Original
> | > | Message-ID: <unTIva6pFHA.3064@xxxxxxxxxxxxxxxxxxxx>
> | > | Newsgroups: microsoft.public.windows.server.sbs
> | > | NNTP-Posting-Host: rrcs-67-52-120-182.west.biz.rr.com 67.52.120.182
> | > | Path:
> TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP15.phx.gbl
> | > | Xref: TK2MSFTNGXA01.phx.gbl
> microsoft.public.windows.server.sbs:146890
> | > | X-Tomcat-NG: microsoft.public.windows.server.sbs
> | > |
> | > | Charles,
> | > |
> | > | Thank you for responding, but you completely missed my point. I want
> | > users
> | > | to be able to log in via RWW, but ONLY to their own workstations. I
> do
> | > not
> | > | want them to be able to remotely access anyone else's computer.
> | > Sometimes
> | > | when they are on the LAN, they do need to log in at a station other
> than
> | > | their own station, so I want to allow them to do it while on the LAN
> but
> | > not
> | > | when coming in via RWW.
> | > |
> | > | Gregg Hill
> | > |
> | > |
> | > | ""Charles Yang [MSFT]"" <v-chayan@xxxxxxxxxxxxxxxxxxxx> wrote in
> message
> | > | news:fvs6xS5pFHA.1204@xxxxxxxxxxxxxxxxxxxxxxxx
> | > | > HI Gregg,
> | > | >
> | > | > Thanks for posting here.
> | > | >
> | > | > Issue description:
> | > | >
> | > | > ===========
> | > | > I understand that you want to deny a remote user to be able to
> access
> | > the
> | > | > workstation via RWW.
> | > | >
> | > | > Analyzing and suggestions:
> | > | >
> | > | > ===========
> | > | >
> | > | > As I know, it is possible to deny user to logon client computer
> via
> | > RDP
> | > | > while allow the computer to logon domain locally. Please refer to
> my
> | > | > suggestions below, please note that you may have to configure the
> | > group
> | > | > policy on the client computer.
> | > | >
> | > | > We suggest you create a special group for this kinds of user. in
> order
> | > to
> | > | > deny them logon client computer through RWW, please note that it
> will
> | > also
> | > | > deny user to RDP to other client computer while they use
> workstation
> | > on
> | > | > local, as they use the same process in RWW and RDP.
> | > | >
> | > | > 1. Logon the client computer on SBS domain.
> | > | > 2. Run group policy management to change local policy. (run
> gpedit.msc
> | > on
> | > | > the command line)
> | > | > 3. Navigate to Computer Configuration->Windows Setting->Security
> | > | > Settings->User Rights Assignments
> | > | > 4. In the right pane, you will find the Deny log on through
> terminal
> | > | > services.
> | > | > 5. Click it and add the certain user from domain.
> | > | >
> | > | >
> | > | >
> | > | > Hope the above information helpful, if you have any further
> concerns,
> | > | > please feel free to let me know. I am glad to help you.
> | > | >
> | > | >
> | > | >
> | > | > Best regards,
> | > | >
> | > | > Charles Yang (MSFT)
> | > | >
> | > | > Microsoft CSS Online Newsgroup Support
> | > | >
> | > | > Get Secure! - www.microsoft.com/security
> | > | >
> | > | > ======================================================
> | > | > This newsgroup only focuses on SBS technical issues. If you have
> | > issues
> | > | > regarding other Microsoft products, you'd better post in the
> | > corresponding
> | > | > newsgroups so that they can be resolved in an efficient and timely
> | > manner.
> | > | > You can locate the newsgroup here:
> | > | > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
> | > | >
> | > | > When opening a new thread via the web interface, we recommend you
> | > check
> | > | > the
> | > | > "Notify me of replies" box to receive e-mail notifications when
> there
> | > are
> | > | > any updates in your thread. When responding to posts via your
> | > newsreader,
> | > | > please "Reply to Group" so that others may learn and benefit from
> your
> | > | > issue.
> | > | >
> | > | > Microsoft engineers can only focus on one issue per thread.
> Although
> | > we
> | > | > provide other information for your reference, we recommend you
> post
> | > | > different incidents in different threads to keep the thread clean.
> In
> | > | > doing
> | > | > so, it will ensure your issues are resolved in a timely manner.
> | > | >
> | > | > For urgent issues, you may want to contact Microsoft CSS directly.
> | > Please
> | > | > check http://support.microsoft.com for regional support phone
> numbers.
> | > | >
> | > | > Any input or comments in this thread are highly appreciated.
> | > | > ======================================================
> | > | > This posting is provided "AS IS" with no warranties, and confers
> no
> | > | > rights.
> | > | >
> | > | >
> | > | > =====================================================
> | > | > When responding to posts, please "Reply to Group" via your
> newsreader
> | > so
> | > | > that others may learn and benefit from your issue.
> | > | > =====================================================
> | > | >
> | > | > This posting is provided "AS IS" with no warranties, and confers
> no
> | > | > rights.
> | > | >
> | > | > --------------------
> | > | > | Reply-To: "Gregg Hill" <bogus@xxxxxxxxxxx>
> | > | > | From: "Gregg Hill" <bogus@xxxxxxxxxxx>
> | > | > | Subject: Can RWW logins be restricted wthout affecting LAN
> logins?
> | > | > | Date: Mon, 22 Aug 2005 16:07:36 -0700
> | > | > | Lines: 13
> | > | > | X-Priority: 3
> | > | > | X-MSMail-Priority: Normal
> | > | > | X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
> | > | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
> | > | > | X-RFC2646: Format=Flowed; Original
> | > | > | Message-ID: <OOcXK52pFHA.712@xxxxxxxxxxxxxxxxxxxx>
> | > | > | Newsgroups: microsoft.public.windows.server.sbs
> | > | > | NNTP-Posting-Host: rrcs-67-52-120-182.west.biz.rr.com
> 67.52.120.182
> | > | > | Path:
> | > TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
> | > | > | Xref: TK2MSFTNGXA01.phx.gbl
> | > microsoft.public.windows.server.sbs:146795
> | > | > | X-Tomcat-NG: microsoft.public.windows.server.sbs
> | > | > |
> | > | > | Hello!
> | > | > |
> | > | > | Can SBS restrict which computers a remote user can access? I
> would
> | > like
> | > | > to
> | > | > | be able to have several users access only their own workstations
> | > from
> | > a
> | > | > | remote location via RWW, but still be able to use roaming
> profiles
> | > to
> | > | > work
> | > | > | from several different stations when on the LAN.
> | > | > |
> | > | > | I know I can assign their account to only allow logon from
> certain
> | > | > stations,
> | > | > | but that restricts the LAN also.
> | > | > |
> | > | > | Gregg Hill
> | > | > |
> | > | > |
> | > | > |
> | > | >
> | > |
> | > |
> | > |
> | >
> |
> |
> |
>
.
- Follow-Ups:
- Re: Can RWW logins be restricted wthout affecting LAN logins?
- From: "Charles Yang [MSFT]"
- Re: Can RWW logins be restricted wthout affecting LAN logins?
- References:
- Can RWW logins be restricted wthout affecting LAN logins?
- From: Gregg Hill
- RE: Can RWW logins be restricted wthout affecting LAN logins?
- From: "Charles Yang [MSFT]"
- Re: Can RWW logins be restricted wthout affecting LAN logins?
- From: Gregg Hill
- Re: Can RWW logins be restricted wthout affecting LAN logins?
- From: "Charles Yang [MSFT]"
- Re: Can RWW logins be restricted wthout affecting LAN logins?
- From: Gregg Hill
- Re: Can RWW logins be restricted wthout affecting LAN logins?
- From: "Charles Yang [MSFT]"
- Can RWW logins be restricted wthout affecting LAN logins?
- Prev by Date: I need disk 2 for SBS 2003 Prem
- Next by Date: Re: Error binding to local domain
- Previous by thread: Re: Can RWW logins be restricted wthout affecting LAN logins?
- Next by thread: Re: Can RWW logins be restricted wthout affecting LAN logins?
- Index(es):
Relevant Pages
|
