Re: Prevent users from login into servers
- From: "kj [SBS MVP]" <KevinJ.SBS@xxxxxxxxxxxxxxxxxx>
- Date: Sun, 4 May 2008 21:47:40 -0700
Hank Arnold (MVP) wrote:
A 2x4 is being too gentle. "Tactical Nuclear Device" is what comes to
mind for me... ;-)
Quick and effective, but it's all over in a flash.
Excessive pain and suffering with the opportunity for multiple 'lessons' are
need here.
<g>
I'm *still* running into places 6 years later where "everyone" has
rights to certain resources. I change them to "Domain Users" at a
minimum...
--
Regards,
Hank Arnold
Microsoft MVP
Windows Server - Directory Services
kj [SBS MVP] wrote:
Jordy wrote:A 2x4 is being to gentle. Tactical Nuclear Device is what comes to
Hello
I looked at User rights, log on Locally. I have the group
Administrators, which I assume is a local group, in that local
group, I have pushed down Domain admins and Local Admins. Everyone
is part of the local Admins, which I assume explains the issue.
No the golden question, how do I get around that :) ?
"everyone" group is a member of Local Adminstrators? That would do
it. Remove "Everyone" group from the "local adminstrators group " and
track down who made that 'decision'. I know someone with a two by
four you can borrow if needed.
Thanks
"kj [SBS MVP]" wrote:
Jordy wrote:
Ya I understand about the locked down part, but at the moment,Sounds like "users" (Domain Users?) have been granted the "logon
that is not a solution. It will be in the future....
But the end users still should not be able to login, and I don't
understand why. I have created a group policy that has restricted
groups in it to all all users to have local admin rights to there
PC's (I know, a bad idea, but needed at the moment).
They are able to login to any server, these are not DC's...
Thanks
locally right" which is not by default. Because this sounds like
multiple servers it likely has been set in some group policy
setting. Check one of your servers to see if it has in fact been
set, then you'll need to track down where.
--
"Lanwench [MVP - Exchange]" wrote:
Jordy <Jordy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
HelloYou should have a locked cabinet or room, apart from everything
Is there a way to prevent users (not domain admins) from login
into servers. We have an enviroment were the servers are
accessable to end users
else. If you don't have physical security you don't have any
security at all.
and I need to prevent them from Login into the server directly,End users should not be able to log into your servers now, either
at the console or via RD (unless this is a terminal server). Are
they? If so, perhaps they're members of groups they shouldn't be
- or someone has been monkeying around with policies.
but still have access to file and print when they login to
workstation.
Thanks
/kj
mind for me... ;-)
I'm still running into places 6 years later where "everyone" has
rights to resources. I change them to "Domain Users" at a minimum...
--
/kj
.
- References:
- Re: Prevent users from login into servers
- From: Hank Arnold (MVP)
- Re: Prevent users from login into servers
- Prev by Date: Re: Cannot join Domain
- Next by Date: Windows Installer directory
- Previous by thread: Re: Prevent users from login into servers
- Next by thread: Windows Installer directory
- Index(es):
Relevant Pages
|
