Preventing logon to Member Servers

J

JohnB

How can I prevent "some" users from accessing "some" of our member servers?
We have 1 server that users remote into to access an application. And the
rest of our Member Servers we don't want end-users to be able to login to.

If I go into local security, I can see where I can control who can "login
from the network". But it shows the effective setting as being everyone, as
coming down from domain-level policy settings. And then if I go to a DC,
there is a GPO under Machine Configuration for this setting. And I assume
that's what's meant by "domain-level" policy settings. But that still
prevents me from selectively controlling access by server.

Is there another way to do this?
Thanks
 
C

Chriss3

Hi JohnB

Nice to see you are doing some good Active Directory Security best practices
here -:) Place your member servers in an Organization Unit, Create a Group
Policy and link it to this OU, Define the follow Security User Right.

Computer Configuration\Security Settings\Local Policies\User Rights
Assignment\

Define the Allow log on locally policy, and add trusted accounts and the
accounts that's need to have access to threes member servers.

More information about this are found here:
http://www.microsoft.com/resources/...dowsServ/2003/standard/proddocs/en-us/547.asp

Have a nice day!
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

local logon on member servers 1
Domain trust and member server access 1
Joining a 2008 member server to a 2003 domain? 3
Accessing AD from member servers 3
External trust and a member server 9
Parent/Child domain design or member servers? 1
New domain/member server 4
OU design 7

Top