Re: Server Logins

From: Miha Pihler (mihap-news_at_atlantis.si)
Date: 11/23/04

• Next message: The Poster: "Web Services - Monitoring Software"
• Previous message: Phil McNeill: "port blocking on Windows 2000/2003 servers"
• In reply to: AjjuAjju: "Server Logins"
• Next in thread: Roger Abell [MVP]: "Re: Server Logins"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 23 Nov 2004 18:12:23 +0100

Hi,

Users can logon to "ordinary computer" but by default are not able to logon
to e.g. domain controllers.

What you can do is create new OU named e.g. Servers OU. Put all computers in
this OU and create new group policy. Edit the policy and under Computer
configuration -> Windows Settings -> Security Settings -> Local Policies ->
User Right Assignment.

Look for policy named "Allow logon locally" and remove "Users". Mainly you
could leave in here only Administrators and any other user (e.g. Power
Users, Backup Operators) that need to work on the server.

Be very careful what you do, you _can_ lock yourself out! Don't e.g.
Everyone or Users group into e.g. "Deny logon locally"...

I hope this helps,

Mike

"AjjuAjju" <ajjuajju@gmail.com> wrote in message
news:a5def859.0411230720.488c3c77@posting.google.com...
> I've asked this before but didn't get an answer that works. For some
> reason, uses in our domain can login to Servers from the console (I've
> tested this with a test account - users can't actually get physical
> access to the servers.) As a security measure, I don't want a domain
> user to be able to login, if they somehow got access.
>
> How do I do this? I tried using a GP but I thought that domain users
> by default cannot login to W2k server.
>
> Thanks.

• Next message: The Poster: "Web Services - Monitoring Software"
• Previous message: Phil McNeill: "port blocking on Windows 2000/2003 servers"
• In reply to: AjjuAjju: "Server Logins"
• Next in thread: Roger Abell [MVP]: "Re: Server Logins"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Problems with trying to create a logon banner ( or login banner) ... I am trying to make a logon (login) banner that will display the rules ... Microsoft Windows XP Operating System Group Policy Result tool ... Filtering: Not Applied ... (microsoft.public.windows.server.active_directory) Re: Prevent users from login into servers ... I have created a group policy that has restricted ... They are able to login to any server, ... Because this sounds like multiple servers it ... If you don't have physical security you don't have any ... (microsoft.public.windows.server.setup) Re: Server Logins ... Logon on Locally in Domain group policies and Local ... determine which Group Policy is being applied on server and look the user ... > user to be able to login, ... > by default cannot login to W2k server. ... (microsoft.public.windows.server.security) Re: Problems with trying to create a logon banner ( or login banner) ... I am trying to make a logon (login) banner that will display the rules ... OR that you made the changes to the Default Domain Policy (and ... Applied Group Policy Objects ... (microsoft.public.windows.server.active_directory) Domain Issues (Windows 2003) ... servers to this domain and can logon to them with a domain account. ... Some worked fine and I was able to login with domain accounts, ... (microsoft.public.windows.server.setup)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint