GPO explanation on Access this computer from the network..

T

TonyV

Can anyone explain to me the functionality of the
Security Settings/Local Policies/User Rights
Assignments/ "Access this computer from the network"
Policy setting.

I was wondering if I enable this under my Computers OU
Group Policy with a specified user that I can restrict
the use of that computer to only the individual or group
I assign it too. Is this true?

I guess I would also like an explanation of the "Deny
this computer from the network" also.

Thank you for any help, I've been searching for an answer
for some time and can't seem to understand it's use.

Tony
 
B

Brent Westmoreland

The "Documentation" for this feature is located here....

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/524.mspx

Although


Although it ain't the best I've seen, the setting is pretty self
explanatory.. the interpretation is that this policy would allow the
specified users to connect via the network (smb, rpc, etc...)
Apparently Terminal Services or Remote Desktop would be unaffected.

If you were to remove administrators from this policy then your server
administrators would be unable to access the machine for remote
administration, file shares etc.

One reason this might be desirable is for a "Secured Admin Workstation"
in which the machine is only accessable via the console.

check out...

http://www.winnetmag.com/Articles/ArticleID/2874/pg/2/2.html for more
information.

Although this sort of setup is a little extreme for some environments,
it could have merits in certain places.

Brent
 
T

TonyV

Thanks Brent,

Yes this is to prevent students for using other students
machines in a college environment when projects are due.
The quality and availabilty of machines is limited.

I was looking for a way to isolate the use of the
machines to only particular grad students.

Tony
 
B

Brent Westmoreland

Ok Tony,

Try this instead...

Create a group and add the grad students to it. Then assign the

Computer Settings>Windows Settings>Security Settings>Local
Policies>User Rights Assignment> LOG ON LOCALLY right to only that
group.

that should allow only the grad students to access the machine from the
console.

Brent
 
T

TonyV

Great Brent...Thank you much, it works exactly the way
that I want it now. I guess I need to try and get my
thought process running in the Microsoft direction since
I didn't clearly understand it.

You were a great help.

Tony
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Local Machine vs. Domain Group Policy 11
GPO to remove software 1
Deny access this computer from network 1
Windows 2000 and GPO 3
GPO Policy won't apply. 2
Question on GPO- Urgent 11
Windows cannot access the file gpt.ini for GPO 1
GPO (OU vs DOMAIN) 1

Top