Re: Prevent users from login into servers

From: "kj [SBS MVP]" <KevinJ.SBS@xxxxxxxxxxxxxxxxxx>
Date: Mon, 28 Apr 2008 21:34:35 -0700

Jordy wrote:

Ya I understand about the locked down part, but at the moment, that
is not a solution. It will be in the future....

But the end users still should not be able to login, and I don't
understand why. I have created a group policy that has restricted
groups in it to all all users to have local admin rights to there
PC's (I know, a bad idea, but needed at the moment).

They are able to login to any server, these are not DC's...

Thanks

Sounds like "users" (Domain Users?) have been granted the "logon locally
right" which is not by default. Because this sounds like multiple servers it
likely has been set in some group policy setting. Check one of your servers
to see if it has in fact been set, then you'll need to track down where.

"Lanwench [MVP - Exchange]" wrote:

Jordy <Jordy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

Hello

Is there a way to prevent users (not domain admins) from login into
servers. We have an enviroment were the servers are accessable to
end users

You should have a locked cabinet or room, apart from everything
else. If you don't have physical security you don't have any
security at all.

and I need to prevent them from Login into the server directly,

End users should not be able to log into your servers now, either at
the console or via RD (unless this is a terminal server). Are they?
If so, perhaps they're members of groups they shouldn't be - or
someone has been monkeying around with policies.

but still have access to file and print when they login to
workstation.

Thanks

--
/kj

.

Follow-Ups:
- Re: Prevent users from login into servers
  - From: Jordy

References:
- Prevent users from login into servers
  - From: Jordy
- Re: Prevent users from login into servers
  - From: Lanwench [MVP - Exchange]
- Re: Prevent users from login into servers
  - From: Jordy

Prev by Date: re-edit and save message in outlook?
Next by Date: Re: Prevent users from login into servers
Previous by thread: Re: Prevent users from login into servers
Next by thread: Re: Prevent users from login into servers
Index(es):
- Date
- Thread

Relevant Pages

Re: Linux authentication via AD
... Primarily I need to integrate Linux ... servers, but I do have a few OpenBSD servers. ... > a way to do this under older AIX) allows people to login authenticating ... > text passwords authenticate to the Windows Password Server as well. ...
(comp.os.linux.security)
Re: Update site?
... The reason I needed to login from the same machine is - ... > Users by default are NOT allowed to logon to servers. ... You can change this in the Domain Security Policy I ... there open Domain Controller security policy. ...
(microsoft.public.exchange.admin)
LDAP password authentication/modification schemes
... We are considering using LDAP to replace NIS+. ... SSL to encrypt the client to LDAP server transactions. ... authentication would be required for login, ... understand the servers responses and/or provide the appropriate responses to ...
(comp.sys.hp.hpux)
Re: UNABLE TO CONNECT???
... realm logins have been nerfed!!!!!!!!!!! ... > login servers ftw! ... own login access? ... on their servers. ...
(alt.games.warcraft)
Re: Server Logins
... Users can logon to "ordinary computer" but by default are not able to logon ... What you can do is create new OU named e.g. Servers OU. ... this OU and create new group policy. ... > user to be able to login, ...
(microsoft.public.windows.server.security)