Ftp and Logon locally rights

M

m0rk

I have a remote site with 1 DC, the only server. I also want to allow
FTP for a network scanner that will drop the files into the folder
without user intervention.

The only way I can get this to work currently is either:-

1. Set it to anonymous logon, works fine. Not what I want to do.
2. Stop anonymous and give the user account logon local rights to the
server which also works fine.

Can I set an AD user account on this W2k DC rights to logon locally only
to this server and not all dc's in the domain? Would this be through the
local security policy or a group policy?
 
B

Brandon McCombs

m0rk said:
I have a remote site with 1 DC, the only server. I also want to allow
FTP for a network scanner that will drop the files into the folder
without user intervention.

The only way I can get this to work currently is either:-

1. Set it to anonymous logon, works fine. Not what I want to do.
2. Stop anonymous and give the user account logon local rights to the
server which also works fine.

Can I set an AD user account on this W2k DC rights to logon locally only
to this server and not all dc's in the domain? Would this be through the
local security policy or a group policy?

Not all DC's what? DC's is possessive. DCs is plural.

You would have to modify the local security policy since group policies
only go down to the OU level and all your domain controllers would be in
the same "domain controllers" OU and thus they would all get the change.
 
M

Manny Borges

Incorrect. Local policies are always overidden by group policies.

--
Manny Borges
MCSE NT4-2003 (+ Security)
MCT, Certified Cheese Master

There are 10 kinds of people in the world. Those who do understand binary
and those who don't.
 
M

m0rk

Not all DC's what? DC's is possessive. DCs is plural.

You would have to modify the local security policy since group policies
only go down to the OU level and all your domain controllers would be in
the same "domain controllers" OU and thus they would all get the change.

The local policy is overiden by the domain controller policy which
applies to all the domain controllers, I wanted to limit the logon
locally to the specific dc but seeing as the local policy is overidden
by the domain one I wasnt sure I could.

Am I mistaken? It just seems an odd requirement for ftp to work with a
username/password to require logon locally rights.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top