Jump to content
Compatible Support Forums
Sign in to follow this  
GTwannabe

2k Advanced Server account question

Recommended Posts

In 2k Advanced server, is there a way to add users but disable their ability to logon the system? I want to give other machines access to my shares, but want to remain the only account that can actually login to use the system.

Share this post


Link to post

Kinda sorta. You can remove the ability to control local access via both the "Log On Locally" and "Deny Logon Locally" local policy settings in the system's policy manager. You can access this by running "Secpol.msc" from Start>Run, and then going to Security Settings>Local Policies>User Rights Assignment. However, you can't add machines directly to this (to get around this, create a new group for the intended machines and add them to it) and most attempts to get at shares are done using the user's credentials. What are you trying to do? Are you simply attempting to share out files, yet not allow people to logon interactively (using the console)? In order to access anything from the server, the credentials have to be valid and permitted in the security policy. But that also allows someone with the same credentials to logon if he/she is in front of the computer. Try using "Deny Logon Locally" for the users, and just make sure that they are still in "Access This Computer from the Network".

Share this post


Link to post

I seem to recall that under NT4 you could deny users the ability to logon locally by making sure their accounts weren;t members of any local groups (Users, Power Users, Administrators etc). Does that carry over into 2k?

Share this post


Link to post

Users added to the users and groups in W2K server if I remember correctly do not have the right to logon locally by default.

If you want any to have the ability, you must add them to the ACL, or administrators group.

A quick easy way to check is to add a new user and then try logging on to the server.

Share this post


Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×