GTwannabe 0 Posted May 16, 2002 In 2k Advanced server, is there a way to add users but disable their ability to logon the system? I want to give other machines access to my shares, but want to remain the only account that can actually login to use the system. Share this post Link to post
clutch 1 Posted May 16, 2002 Kinda sorta. You can remove the ability to control local access via both the "Log On Locally" and "Deny Logon Locally" local policy settings in the system's policy manager. You can access this by running "Secpol.msc" from Start>Run, and then going to Security Settings>Local Policies>User Rights Assignment. However, you can't add machines directly to this (to get around this, create a new group for the intended machines and add them to it) and most attempts to get at shares are done using the user's credentials. What are you trying to do? Are you simply attempting to share out files, yet not allow people to logon interactively (using the console)? In order to access anything from the server, the credentials have to be valid and permitted in the security policy. But that also allows someone with the same credentials to logon if he/she is in front of the computer. Try using "Deny Logon Locally" for the users, and just make sure that they are still in "Access This Computer from the Network". Share this post Link to post
Admiral LSD 0 Posted May 23, 2002 I seem to recall that under NT4 you could deny users the ability to logon locally by making sure their accounts weren;t members of any local groups (Users, Power Users, Administrators etc). Does that carry over into 2k? Share this post Link to post
futuretech 0 Posted June 8, 2002 Users added to the users and groups in W2K server if I remember correctly do not have the right to logon locally by default. If you want any to have the ability, you must add them to the ACL, or administrators group. A quick easy way to check is to add a new user and then try logging on to the server. Share this post Link to post