E
Eric H, Vela
Is this even possible?
This is a test scenario I'm trying to create for experimentation: 2000
Server AD Domain with Terminal Services; XP Workstations on Domain with DNS
pointed to server (and server forwarded to ISP DNS) <- This part is done.
It's the user login permissions I need help with.
Built-in Domain Administrator will not be used whenever possible.
User A = Domain Admin; I want this user to be accessible ONLY through
"RunAs"... I don't want this user to be able to log in to any desktop on the
server or workstations.
User B = Domain Guest; Disabled
User C = Domain User; I want this user to access ONLY the server through
either local or Terminal Service login; no workstation access
User D = Domain User; I want this user to access ONLY the workstations as
Power User on the workstations
User E = Domain User; I want this user to access ONLY the workstations as
Power User on the workstations
Users F = Administrator local to workstations
It seems simple, but I'm at a complete loss where to begin. Any advice?
For an added bonus, if there is a way to restrict User A to be "RunAs"
explicitly only from User C, User D, and User E (and *not* Users F), please
let me know how.
Thanks in advance
Eric
This is a test scenario I'm trying to create for experimentation: 2000
Server AD Domain with Terminal Services; XP Workstations on Domain with DNS
pointed to server (and server forwarded to ISP DNS) <- This part is done.
It's the user login permissions I need help with.
Built-in Domain Administrator will not be used whenever possible.
User A = Domain Admin; I want this user to be accessible ONLY through
"RunAs"... I don't want this user to be able to log in to any desktop on the
server or workstations.
User B = Domain Guest; Disabled
User C = Domain User; I want this user to access ONLY the server through
either local or Terminal Service login; no workstation access
User D = Domain User; I want this user to access ONLY the workstations as
Power User on the workstations
User E = Domain User; I want this user to access ONLY the workstations as
Power User on the workstations
Users F = Administrator local to workstations
It seems simple, but I'm at a complete loss where to begin. Any advice?
For an added bonus, if there is a way to restrict User A to be "RunAs"
explicitly only from User C, User D, and User E (and *not* Users F), please
let me know how.
Thanks in advance
Eric