Re: Default Users properties

From: Pat (htech_at_hotmail.com)
Date: 01/31/04


Date: Sat, 31 Jan 2004 12:09:47 -0500

thank you for the response
On Sat, 31 Jan 2004 01:43:23 GMT, "Steven Umbach"
<n9rou@n0spam-comcast.net> wrote:

>They can connect, but can not do much as a regular user. The main thing you can
>do to prevent access to other servers is to disable their ability to use
>Computer Management via Group Policy user configuration/administrative
>templates/Windows components/Microsoft Management Console/restricted&permitted
>snapins. You can also control access to other computers in the domain by using
>ipsec policies and modifying the user rights assignments for access this
>computer from the network and deny access to this computer form the network. Do
>not change those user rights on domain controllers however, or a user may not be
>able to logon to the domain. Be careful when applying Group Policy because if
>you apply it at the domain level it will also apply to administrators unless you
>give them deny permissions to apply in the GPO security policies which is
>referred to as "filtering" policy. --- Steve
>
>
>"Pat" <htech@hotmail.com> wrote in message
>news:gsol10lgshk9dtcbnb57grjd830jnif8u7@4ax.com...
>> If I create a new user and it is only a member of the domain users, I
>> log on with that user and can connect to a server thru computer
>> management . where would it pick up these rights, i want to remove
>> them.
>>
>> On Fri, 30 Jan 2004 22:01:16 GMT, "Steven L Umbach"
>> <sumbach@nospam-ameritech.net> wrote:
>>
>> >The administrator, domain admins, and enterprise admins have everything but
>> >full control, system has full control, authenticated users has read,
>> >everyone has change password, and if present the pre-2000 group has read.
>> >You can also use the dsacls /s command to reset any object or container back
>> >to default settings as defined in the schema if need be. Be very careful
>> >changing any AD permissions and document/test well as you can prevent users
>> >from changing passwords, prevent administrators from modifying Group Policy,
>> >prevent Group Policy from applying to users, etc. --- Steve
>> >
>> >http://support.microsoft.com/default.aspx?scid=kb;en-us;281146
>> >
>> >"Pat" <htech@hotmail.com> wrote in message
>> >news:vo6l10tdutfvfmhu02u8ftic3c319qhvfh@4ax.com...
>> >> Running W2K with AD, what are the default Security settings for the
>> >> User folder in AD?
>> >
>>
>



Relevant Pages

  • RE: log on as a service
    ... account when a server builds. ... Once you specify this setting in group policy, ... the local setting for all servers the GPO applies to (i.e. all 200 servers in ... User rights applied via policy are not additive, ...
    (microsoft.public.windows.server.active_directory)
  • Re: Terminal Server GPO Issue
    ... servers that is not in the OU where the GPO is supposed to be applied and I ... Microsoft Windows Operating System Group Policy Result tool v2.0 ... Sharepoint Auth GPO ... Event Log Settings ...
    (microsoft.public.windows.server.active_directory)
  • Re: Terminal Server GPO Issue
    ... servers that is not in the OU where the GPO is supposed to be applied and I ... Microsoft Windows Operating System Group Policy Result tool v2.0 ... Sharepoint Auth GPO ... Event Log Settings ...
    (microsoft.public.windows.server.active_directory)
  • Re: Application error log
    ... Disclaimer: This posting is provided "AS IS" with no warranties, ... I have 3 servers in our office running win 2003 R2 servers ... I did not set any group policy in my servers. ...
    (microsoft.public.windows.server.networking)
  • Re: Unable to Block Group Policy Inheritance
    ... have a group policy named Login that is at the user level that maps ... named Servers that I want to block the inheritance of the group policy ... This means that you cannot block inheritance ...
    (microsoft.public.windows.server.active_directory)