local access to client

  • Thread starter Thread starter Alex
  • Start date Start date
A

Alex

Hi We have a number of XP machines now linked on an SBS2003 network.

At present, a user logs onto the network, and is also asked to enter their
local client machu=ine user name and password.

I want to allow users to be able any XP client machine on the network, but I
do not want to have to set up each as a separate user of each machine.

if I delete all local users on the XP workstations, just leaving Admin, will
that get round my problem, and just allow the users to login into the
network but have unrestricted rights to the local workstations

Thanks

Alex
 
Alex,

While you *can* set the admin password to the same on all machines and have
your users log on as admin to access all machines, this is really not the
best solution.

A better solution is to promote the SBS machine to a domain controller (if
it is not already) and join all of your Windows XP machines to the domain
(assuming you've got XP Pro and not XP Home. XP Home cannot join a domain).

Then, create user accounts for your user in the domain. Your users will
then be able to log on to any machine in the domain using their user
account. Likewise you'll be able to share resources (files) from the
computers and set permissions on which domain users will have access.

Unfortunately, a detailed description of the considerations is well beyond
the scope of a single newsgroup post. You may wish to enlist the services
of a consultant or pick up a good book on Active Directory from a local
bookstore.

-Matt

===
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
 
Alex said:
Thanks Matthew will implement your suggestion tomorrow
Hi

Note that with a default configured domain computer, the users will
only have "Users" rights. If you need them to be "Power Users" or
"Administrators", here is an easy way:

We add "NT Authority\Interactive" in the local Administrators group
to let all domain users automatically be local admins when they log
on to a computer interactively.

This is more secure than adding "Authenticated Domain users ",
"Domain Users" or "NT AUTHORITY\Authenticated Users" (or a group
that contains all users as you have) because you avoid the issue
with cross network admin rights (remote access) between the
computers that these groups introduces.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Back
Top