I have a machine on my network (peer-to-peer workgroup)
running 2000 Professional which will allow any user from
that workgroup to log on to it, regardless of whether they
have an existing login defined in Users and Passwords. Is
there any way to change this?
I want only specified users to be able to log on to this
machine.

I asume you mean network logon as accessing a share?? You can not logon to a
machine locally at the console unless you have a user account to
authenticate against the local sam [unless autologon is enabled]. My guess
is that the guest account may be enabled on the machine offering shares in
which case any network user can access it. If it is enabled, disable via
lusrmgr.msc [enter in run box] and select users/guest account and then
disable it. --- Steve


"Timber" <(E-Mail Removed)> wrote in message
news:09a201c3fd7a$536bb170$(E-Mail Removed)...
> I have a machine on my network (peer-to-peer workgroup)
> running 2000 Professional which will allow any user from
> that workgroup to log on to it, regardless of whether they
> have an existing login defined in Users and Passwords. Is
> there any way to change this?
> I want only specified users to be able to log on to this
> machine.

I'm sorry, I didn't explain well. I have a machine
running NT 4.0 Server that is a part of the workgroup.
My 2000 allows any person locally at it to log on to
either (this computer) or to the workgroup.
If they choose to log on to the workgroup, any user
defined on the NT 4.0 Server can log on to the 2000
without being defined in it's Users and Passwords.

>-----Original Message-----
>I asume you mean network logon as accessing a share?? You
can not logon to a
>machine locally at the console unless you have a user
account to
>authenticate against the local sam [unless autologon is
enabled]. My guess
>is that the guest account may be enabled on the machine
offering shares in
>which case any network user can access it. If it is
enabled, disable via
>lusrmgr.msc [enter in run box] and select users/guest
account and then
>disable it. --- Steve
>
>
>"Timber" <(E-Mail Removed)> wrote in
message
>news:09a201c3fd7a$536bb170$(E-Mail Removed)...
>> I have a machine on my network (peer-to-peer workgroup)
>> running 2000 Professional which will allow any user from
>> that workgroup to log on to it, regardless of whether
they
>> have an existing login defined in Users and Passwords.
Is
>> there any way to change this?
>> I want only specified users to be able to log on to this
>> machine.
>
>
>.
>

Btw--> the guest account is already disabled.
In case you're right, is there any way to disable the
Guest group? I'm not seeing that option.

>-----Original Message-----
>I asume you mean network logon as accessing a share?? You
can not logon to a
>machine locally at the console unless you have a user
account to
>authenticate against the local sam [unless autologon is
enabled]. My guess
>is that the guest account may be enabled on the machine
offering shares in
>which case any network user can access it. If it is
enabled, disable via
>lusrmgr.msc [enter in run box] and select users/guest
account and then
>disable it. --- Steve
>
>
>"Timber" <(E-Mail Removed)> wrote in
message
>news:09a201c3fd7a$536bb170$(E-Mail Removed)...
>> I have a machine on my network (peer-to-peer workgroup)
>> running 2000 Professional which will allow any user from
>> that workgroup to log on to it, regardless of whether
they
>> have an existing login defined in Users and Passwords.
Is
>> there any way to change this?
>> I want only specified users to be able to log on to this
>> machine.
>
>
>.
>

I am still confused. There are two types of normal use logon. Interactive/console
where a user logs onto the local computer entering their logon name and password to
get access, or network where a user already logged onto a local computer tries to
access a network share on another computer. There is not a workgroup logon per se. A
user logged onto a local computer will need to have credentials to access a share on
a network computer, either their logged on credentials or they will be prompted for
credentials to access the share if their user account that they are logged onto the
local computer does not exist on the target computer offering the share. However if
the computer offering the share has the guest account enabled and the share/ntfs
permissions include the everyone group then anyone from anywhere will get access even
if they do not have a user account on the computer offering the share. --- Steve


"Timber" <(E-Mail Removed)> wrote in message
news:375501c3fd83$eae73570$(E-Mail Removed)...
> I'm sorry, I didn't explain well. I have a machine
> running NT 4.0 Server that is a part of the workgroup.
> My 2000 allows any person locally at it to log on to
> either (this computer) or to the workgroup.
> If they choose to log on to the workgroup, any user
> defined on the NT 4.0 Server can log on to the 2000
> without being defined in it's Users and Passwords.
>
> >-----Original Message-----
> >I asume you mean network logon as accessing a share?? You
> can not logon to a
> >machine locally at the console unless you have a user
> account to
> >authenticate against the local sam [unless autologon is
> enabled]. My guess
> >is that the guest account may be enabled on the machine
> offering shares in
> >which case any network user can access it. If it is
> enabled, disable via
> >lusrmgr.msc [enter in run box] and select users/guest
> account and then
> >disable it. --- Steve
> >
> >
> >"Timber" <(E-Mail Removed)> wrote in
> message
> >news:09a201c3fd7a$536bb170$(E-Mail Removed)...
> >> I have a machine on my network (peer-to-peer workgroup)
> >> running 2000 Professional which will allow any user from
> >> that workgroup to log on to it, regardless of whether
> they
> >> have an existing login defined in Users and Passwords.
> Is
> >> there any way to change this?
> >> I want only specified users to be able to log on to this
> >> machine.
> >
> >
> >.
> >

I'm not concerned about the computer's shares. I'm
speaking about a person physically logging onto this
specific PC/console.
They are given a choice at the Log on to Windows
screen "Log on to [pull-down menu]"; our workgroup (which
is managed by our NT 4.0 Server) is allowed as a choice in
this pull-down menu. If they are recognized as a user
defined in the NT Server, this physical windows 2000 PC
will allow them to log on to it, even though they are not
defined as a user in the PC's User and Password settings.
Is there any way to stop this?

>-----Original Message-----
>I am still confused. There are two types of normal use
logon. Interactive/console
>where a user logs onto the local computer entering their
logon name and password to
>get access, or network where a user already logged onto a
local computer tries to
>access a network share on another computer. There is not
a workgroup logon per se. A
>user logged onto a local computer will need to have
credentials to access a share on
>a network computer, either their logged on credentials or
they will be prompted for
>credentials to access the share if their user account
that they are logged onto the
>local computer does not exist on the target computer
offering the share. However if
>the computer offering the share has the guest account
enabled and the share/ntfs
>permissions include the everyone group then anyone from
anywhere will get access even
>if they do not have a user account on the computer
offering the share. --- Steve
>
>
>"Timber" <(E-Mail Removed)> wrote in
message
>news:375501c3fd83$eae73570$(E-Mail Removed)...
>> I'm sorry, I didn't explain well. I have a machine
>> running NT 4.0 Server that is a part of the workgroup.
>> My 2000 allows any person locally at it to log on to
>> either (this computer) or to the workgroup.
>> If they choose to log on to the workgroup, any user
>> defined on the NT 4.0 Server can log on to the 2000
>> without being defined in it's Users and Passwords.
>>
>> >-----Original Message-----
>> >I asume you mean network logon as accessing a share??
You
>> can not logon to a
>> >machine locally at the console unless you have a user
>> account to
>> >authenticate against the local sam [unless autologon is
>> enabled]. My guess
>> >is that the guest account may be enabled on the machine
>> offering shares in
>> >which case any network user can access it. If it is
>> enabled, disable via
>> >lusrmgr.msc [enter in run box] and select users/guest
>> account and then
>> >disable it. --- Steve
>> >
>> >
>> >"Timber" <(E-Mail Removed)> wrote in
>> message
>> >news:09a201c3fd7a$536bb170$(E-Mail Removed)...
>> >> I have a machine on my network (peer-to-peer
workgroup)
>> >> running 2000 Professional which will allow any user
from
>> >> that workgroup to log on to it, regardless of whether
>> they
>> >> have an existing login defined in Users and
Passwords.
>> Is
>> >> there any way to change this?
>> >> I want only specified users to be able to log on to
this
>> >> machine.
>> >
>> >
>> >.
>> >
>
>
>.
>

OK. Then they have the option to logon to the domain or the local machine.
You can configure who can logon to a W2K computer via Local Security Policy
[secpol.msc]. Go to security settings/local policies/user righjts
assignments and configure logon locally to only have the users/groups that
you want to logon probably removing users and everyone and leaving
administrators and other specfic users or a group you create and add members
to. There is also a deny logon locally user right, but be careful with deny
permissions as administrator are also members of the users and everyone
group. --- Steve



"Timber" <(E-Mail Removed)> wrote in message
news:59e901c40083$4f0e75c0$(E-Mail Removed)...
> I'm not concerned about the computer's shares. I'm
> speaking about a person physically logging onto this
> specific PC/console.
> They are given a choice at the Log on to Windows
> screen "Log on to [pull-down menu]"; our workgroup (which
> is managed by our NT 4.0 Server) is allowed as a choice in
> this pull-down menu. If they are recognized as a user
> defined in the NT Server, this physical windows 2000 PC
> will allow them to log on to it, even though they are not
> defined as a user in the PC's User and Password settings.
> Is there any way to stop this?
>
> >-----Original Message-----
> >I am still confused. There are two types of normal use
> logon. Interactive/console
> >where a user logs onto the local computer entering their
> logon name and password to
> >get access, or network where a user already logged onto a
> local computer tries to
> >access a network share on another computer. There is not
> a workgroup logon per se. A
> >user logged onto a local computer will need to have
> credentials to access a share on
> >a network computer, either their logged on credentials or
> they will be prompted for
> >credentials to access the share if their user account
> that they are logged onto the
> >local computer does not exist on the target computer
> offering the share. However if
> >the computer offering the share has the guest account
> enabled and the share/ntfs
> >permissions include the everyone group then anyone from
> anywhere will get access even
> >if they do not have a user account on the computer
> offering the share. --- Steve
> >
> >
> >"Timber" <(E-Mail Removed)> wrote in
> message
> >news:375501c3fd83$eae73570$(E-Mail Removed)...
> >> I'm sorry, I didn't explain well. I have a machine
> >> running NT 4.0 Server that is a part of the workgroup.
> >> My 2000 allows any person locally at it to log on to
> >> either (this computer) or to the workgroup.
> >> If they choose to log on to the workgroup, any user
> >> defined on the NT 4.0 Server can log on to the 2000
> >> without being defined in it's Users and Passwords.
> >>
> >> >-----Original Message-----
> >> >I asume you mean network logon as accessing a share??
> You
> >> can not logon to a
> >> >machine locally at the console unless you have a user
> >> account to
> >> >authenticate against the local sam [unless autologon is
> >> enabled]. My guess
> >> >is that the guest account may be enabled on the machine
> >> offering shares in
> >> >which case any network user can access it. If it is
> >> enabled, disable via
> >> >lusrmgr.msc [enter in run box] and select users/guest
> >> account and then
> >> >disable it. --- Steve
> >> >
> >> >
> >> >"Timber" <(E-Mail Removed)> wrote in
> >> message
> >> >news:09a201c3fd7a$536bb170$(E-Mail Removed)...
> >> >> I have a machine on my network (peer-to-peer
> workgroup)
> >> >> running 2000 Professional which will allow any user
> from
> >> >> that workgroup to log on to it, regardless of whether
> >> they
> >> >> have an existing login defined in Users and
> Passwords.
> >> Is
> >> >> there any way to change this?
> >> >> I want only specified users to be able to log on to
> this
> >> >> machine.
> >> >
> >> >
> >> >.
> >> >
> >
> >
> >.
> >

Yea!!!
Exactly what I was looking for.
Thank you.

>-----Original Message-----
>OK. Then they have the option to logon to the domain or
the local machine.
>You can configure who can logon to a W2K computer via
Local Security Policy
>[secpol.msc]. Go to security settings/local policies/user
righjts
>assignments and configure logon locally to only have the
users/groups that
>you want to logon probably removing users and everyone
and leaving
>administrators and other specfic users or a group you
create and add members
>to. There is also a deny logon locally user right, but be
careful with deny
>permissions as administrator are also members of the
users and everyone
>group. --- Steve
>
>
>
>"Timber" <(E-Mail Removed)> wrote in
message
>news:59e901c40083$4f0e75c0$(E-Mail Removed)...
>> I'm not concerned about the computer's shares. I'm
>> speaking about a person physically logging onto this
>> specific PC/console.
>> They are given a choice at the Log on to Windows
>> screen "Log on to [pull-down menu]"; our workgroup
(which
>> is managed by our NT 4.0 Server) is allowed as a choice
in
>> this pull-down menu. If they are recognized as a user
>> defined in the NT Server, this physical windows 2000 PC
>> will allow them to log on to it, even though they are
not
>> defined as a user in the PC's User and Password
settings.
>> Is there any way to stop this?
>>
>> >-----Original Message-----
>> >I am still confused. There are two types of normal use
>> logon. Interactive/console
>> >where a user logs onto the local computer entering
their
>> logon name and password to
>> >get access, or network where a user already logged
onto a
>> local computer tries to
>> >access a network share on another computer. There is
not
>> a workgroup logon per se. A
>> >user logged onto a local computer will need to have
>> credentials to access a share on
>> >a network computer, either their logged on credentials
or
>> they will be prompted for
>> >credentials to access the share if their user account
>> that they are logged onto the
>> >local computer does not exist on the target computer
>> offering the share. However if
>> >the computer offering the share has the guest account
>> enabled and the share/ntfs
>> >permissions include the everyone group then anyone from
>> anywhere will get access even
>> >if they do not have a user account on the computer
>> offering the share. --- Steve
>> >
>> >
>> >"Timber" <(E-Mail Removed)> wrote in
>> message
>> >news:375501c3fd83$eae73570$(E-Mail Removed)...
>> >> I'm sorry, I didn't explain well. I have a machine
>> >> running NT 4.0 Server that is a part of the
workgroup.
>> >> My 2000 allows any person locally at it to log on to
>> >> either (this computer) or to the workgroup.
>> >> If they choose to log on to the workgroup, any user
>> >> defined on the NT 4.0 Server can log on to the 2000
>> >> without being defined in it's Users and Passwords.
>> >>
>> >> >-----Original Message-----
>> >> >I asume you mean network logon as accessing a
share??
>> You
>> >> can not logon to a
>> >> >machine locally at the console unless you have a
user
>> >> account to
>> >> >authenticate against the local sam [unless
autologon is
>> >> enabled]. My guess
>> >> >is that the guest account may be enabled on the
machine
>> >> offering shares in
>> >> >which case any network user can access it. If it is
>> >> enabled, disable via
>> >> >lusrmgr.msc [enter in run box] and select
users/guest
>> >> account and then
>> >> >disable it. --- Steve
>> >> >
>> >> >
>> >> >"Timber" <(E-Mail Removed)>
wrote in
>> >> message
>> >> >news:09a201c3fd7a$536bb170$(E-Mail Removed)...
>> >> >> I have a machine on my network (peer-to-peer
>> workgroup)
>> >> >> running 2000 Professional which will allow any
user
>> from
>> >> >> that workgroup to log on to it, regardless of
whether
>> >> they
>> >> >> have an existing login defined in Users and
>> Passwords.
>> >> Is
>> >> >> there any way to change this?
>> >> >> I want only specified users to be able to log on
to
>> this
>> >> >> machine.
>> >> >
>> >> >
>> >> >.
>> >> >
>> >
>> >
>> >.
>> >
>
>
>.
>