Re: Windows equiv of UNIX "Restricted Users"??

---

• From: "Arthur Dent" <hitchhikersguideto-news@xxxxxxxxx>
• Date: Tue, 20 Feb 2007 10:35:44 -0500

---

Yah, thats what i wound up doing... going with the local machine account. I was just curious if there was anyway to effect that kind of domain user; its a network i did not set up, and am coming into semi-admining after the fact, so i dont have control of how things were done.. and was just hoping there would be some way of doing it without having to go modify every network resouce after the fact to remove the Everyone access.
I guess not....
Thanks for the help though! :)


"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message news:O5XJ06KVHHA.1212@xxxxxxxxxxxxxxxxxxxxxxx

If as one builds out a Windows AD domain one does not spec the
allowed login usages of machines (local and net) and so one just
lets things default, then you end up pretty much with any domain
account able to access any non-DC either way (it is actually even
more loose than that).

Just because the defaults exist does not mean one should accept
them, since, after all, they are defined to be reasonably restrictive
while yet allowing for the most common scenarios to work.

If each machine as added is controlled as to the allowed local
and network logins based on its use case, then your need would
be simply filled. However, with Everyone and Users still in
the Network and Users still in the local login rights on numerous
machines, defining a domain account does grant broad access.
Under those conditions use of a machine local account can often
be the most simple solution to effect restriction.

Roger

.

---

• Follow-Ups:
  • Re: Windows equiv of UNIX "Restricted Users"??
    • From: Roger Abell [MVP]

• References:
  • Re: Windows equiv of UNIX "Restricted Users"??
    • From: Roger Abell [MVP]

• Prev by Date: Re: Windows equiv of UNIX "Restricted Users"??
• Next by Date: Re: Windows XPx64 does not require user authenication against Sharepoi
• Previous by thread: Re: Windows equiv of UNIX "Restricted Users"??
• Next by thread: Re: Windows equiv of UNIX "Restricted Users"??
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: RDP works as admin, not user, black screen (3rd request for help) ... & Smart Display MVP) ... >account, it works!!!! ... >in, and then remains black, no successful login. ... >PC's on the network do work as they are supposed ... (microsoft.public.windowsxp.work_remotely) Re: Domain Changed (HELP Please!!) ... So if all users on this active directory have local admin rights, ... be able to login under my previous account username? ... >> I have a Dell laptop and it was setup to login to an active directory system ... >> network at the hotel. ... (microsoft.public.windowsxp.configuration_manage) Re: Password expiration and non-interactive access question ... I see an account with NETWORK access only allowed and a recent network ... There is no way for a NETWORK login to change the password, ... Unofficial OpenVMS Hobbyist Support Page: ... (comp.os.vms) Re: Windows equiv of UNIX "Restricted Users"?? ... the Network and Users still in the local login rights on numerous ... defining a domain account does grant broad access. ... the "Everyone" permissions in Windows, will be limited to have access ONLY ... (microsoft.public.windows.server.security) Re: Password expiration and non-interactive access question ... I see an account with NETWORK access only allowed and a recent network ... There is no way for a NETWORK login to change the password, ... tools would flag this. ... (comp.os.vms)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.windows.server.security  > 2007-02