Re: Preventing users logging in to a secondary server

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

On Jul 9, 5:28 pm, "kj [SBS MVP]" <KevinJ....@xxxxxxxxxxxxxxxxxx>
wrote:
Andrew McNab wrote:
If the new server is going to be a sub-domain of the current server,
this should not be an issue if you don't configure AD to propagate to
sub-domains. Attempting to log into the new sub-domain will fail due
to the AD users not residing on that domain.

"Child Domains" are not permitted in SBS 2003, neither are "Parent Domains".



If the new server is part of a load balance and shares the same
domain name, only the original server has the domain controller on it
I believe and the new server will perform roles to take the load off
the domain controller.

"Nyerere" wrote:

I'm currently running a network with 1 SBS 2003 with 20 licences and
there are 15 users on the network. I now want to add an extra server
2003 (Standard Edition) also joining the SBS domain but I don't want
any of the users logging in to it. They need to log in only on the
SBS. How can I prevent them from logging in to the new Server?

Domain Controllers *authenticate* domain users. Member Servers authenticate
local user accounts (just like a workstation). The only way to "logon to"
either is A) at the consolel B) Through an RDP/RWW session.

I'm pretty sure you (Ayanda) meant 'authenticate' but these are important
differences. Please describe more about what you plan your second server is
expected to do for your environment.



Regards
Ayanda

--
/kj

The second server will act as MOM and Symantec Anti-Virus Server and
one of MOM pre-requirements is for the Server to be a DC and it needs
to be part of the same domain in order to monitor devices. Any
suggestions?

Ayanda

.

Relevant Pages

  • CIFS Authentication in AD 2003
    ... We have a HPUX server running FacetWin on ... authenticate domain users looking to access its resources. ... Everything was working perfectly when our main domain controller was ...
    (microsoft.public.windows.server.active_directory)
  • Re: How to know which Active Directory Server Ive logged on?
    ... server is the user's exchange home server. ... Users from a certain domain can authenticate against every ... location then a user is authenticated by a domain controller covering ...
    (microsoft.public.win2000.active_directory)
  • Re: How to know which Active Directory Server Ive logged on?
    ... "Marwan Kandeel" wrote: ... server is the user's exchange home server. ... Users from a certain domain can authenticate against every ... location then a user is authenticated by a domain controller covering ...
    (microsoft.public.win2000.active_directory)
  • Re: Sites and Services
    ... Joe Richards Microsoft MVP Windows Server Directory Services ... The workstation should always prefer to authenticate to a DC in its site first. ... In your situation they should also be DNS servers and the local clients should have the local DC/GC/DNS server set as the preferred DNS server via DHCP. ... I have a power domain controller onsite. ...
    (microsoft.public.windows.server.active_directory)
  • RE: hosts not using alternate DCs
    ... These enable a client to locate a domain controller that is running the ... Windows Server 2003–based domain controllers that are running the KDC service ... > could not authenticate with the shopcart server causing our website to go ... i have since gone in and configured replication to auto discover ...
    (microsoft.public.windows.server.active_directory)