Re: Admin shares no longer accessible for users not in domain admins

Thanks for the advice Roger,

The machine may well have sessions to this server under another account. It
is actually the IT manager who wants to be able to access admin shares every
now and again and was wondering why he couldn't. He has multiple connections
to all his servers and also multiple RDP sessions. I might advise trying
from another machine with no other sessions to try and pin the problem down
further. Meanwhile I will advise just using specific shares.

Cheers

Rich


"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message
news:uP3UlqiZGHA.3740@xxxxxxxxxxxxxxxxxxxxxxx

<Centra@xxxxxxxxxxxxxxxxx> wrote in message
news:eGjLWWgZGHA.4580@xxxxxxxxxxxxxxxxxxxxxxx
Hi,

Quick question, we have removed all users from the administrators/ domain
admin groups for security reasons. However one side affect of this has
been
that we can no longer brows to unc admin shares eg: \\server1\c$ even
when
we use the administrator username and password and with the domain prefix
eg: domain\administrator as the user when prompted for an authorised
user.

Does anybody know if this is standard behaviour and if it is is there a
way
round it? Or is is down to s Group policy setting that we may have added
in
the past for example?


This is not standard behavior if the Administrator account is not
renamed, disabled, denied/not-granted network logon, and if the
account attempting the mapping does not already have a session
with the same server.

I have to wonder - since you have removed the excessive grant
for security reasons, why are you now trying to defeat a part of
that heightened protection? It would make much more sense to
assess to what it is that Users actually does need access and then
to share that out for the Users.





.

Relevant Pages

  • Re: Local Account Locked out
    ... Check the "Account lockout policy" in the local security settings for the ... > Windows 2003 Advanced Server. ... > There will be 2-3 sessions with the same user name open. ...
    (microsoft.public.windows.terminal_services)
  • Re: Event ID 538 Logon Type 3 NT AUTHORITY/ANONYMOUS LOGON
    ... server for successful anonymous logoff which indicates that these events may ... Client for Microsoft Networks enabled on your server is causing the null ... > In your response, you mentioned 'null sessions'. ... > Computer Browser service is disabled on ...
    (microsoft.public.win2000.security)
  • RE: Terminal server exeeded the maximum number of allowed connections
    ... server, please perform the following steps to see whether other users are ... Remote Desktop connections yours? ... double-click RDP-Tcp in the Connections folder and click the Sessions tab. ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • Re: where can i set the number of concurrent nx users?
    ... even thought the default is 20, which i assume means 20 concurrent ... as soon as the second user tries to connect... ... "Reached the maximum number of allowed users on this server" ... what do i need to do to allow multiple simultaneous user sessions? ...
    (Ubuntu)
  • Re: intermittent Oracle session explosion
    ... Citrix server. ... contiguous memory from the shared pool and starts to flush ... the front-end panic and send in lots more new connection ... Eventually no more sessions can connect, ...
    (comp.databases.oracle.server)