Re: Should I "Deny logon locally" to ANONYMOUS LOGON, Everyone and Gue
From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 05/14/05
- Next message: Roger Abell: "Re: A question about running box"
- Previous message: Oli Restorick [MVP]: "Re: Should I "Deny logon locally" to ANONYMOUS LOGON, Everyone and Gue"
- In reply to: Silly: "Should I "Deny logon locally" to ANONYMOUS LOGON, Everyone and Gue"
- Next in thread: Steven L Umbach: "Re: Should I "Deny logon locally" to ANONYMOUS LOGON, Everyone and Gue"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 14 May 2005 05:40:55 -0700
Oli gave you a good pointer, that Deny overrides affirmative grants,
and denying Everyone would mean no account could log in except
over the network.
There is really no reason to use Deny Logon Locally except where
some account do have a grant to Logon Locally due to the groups
given that right. For example, if Users is allowed to login but there
are a couple of account in Users that should not be able to log on.
-- Roger Abell Microsoft MVP (Windows Security) MCSE (W2k3,W2k,Nt4) MCDBA "Silly" <Silly@discussions.microsoft.com> wrote in message news:57C2CC48-5875-43DB-8CE1-006C42AE2117@microsoft.com... > What will be affected if I enable the "Deny logon locally" to those groups? > Thanks
- Next message: Roger Abell: "Re: A question about running box"
- Previous message: Oli Restorick [MVP]: "Re: Should I "Deny logon locally" to ANONYMOUS LOGON, Everyone and Gue"
- In reply to: Silly: "Should I "Deny logon locally" to ANONYMOUS LOGON, Everyone and Gue"
- Next in thread: Steven L Umbach: "Re: Should I "Deny logon locally" to ANONYMOUS LOGON, Everyone and Gue"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
