Security loop hole? How to restrict non-admin users

K

Kiran

Hi
Users can right click My Computer..Manage..right click on
computer management..connect to another computer and
specify the name of remote computer

Can easly get into another computer and play around with
shares amd other stuff.

Is it a security loop hole? or How can we restirct non
admin users from doing this. They can really damage the
system.
This has to be done for more than 200 PCs in the domain.

Servers are windows 2000 and windows 2003 Advanced server.


Thanks in advance
Kiran
 
C

Chriss3 [MVP]

Kiran,
Please provide us with the current Service Pack you have applied?
Are the users only regular users and not have membership in local
administrators group etc?

--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services

No email replies please - reply in the newsgroup
 
K

Kiran

Hi Christoffer
We are having a mixture of Windows 2000 with service
pack 4 and Windows 2003 servers
The Users are not in the local administrators group or any
other local group on the remote machine.
They can get into remote PC where they are not members of
any group and play around with shares, event viewer etc

I would expect this capability only for administrators
group on the remote machine.

How can I turn off access to non-admin users


Thanks in Advance
Kiran
 
P

ptwilliams

I think the term 'play around with' is a little bit of an exaggeration ;-)
Sure, they can look at the any of the event logs except for the Security
one, and they can look at shares, sessions, etc. But it's all read-only
info. They can't administer any of this stuff.

As for disabling this, there's going to be several ways of doing this; the
easiest being, disabling the MMC on the users' PCs -via GPO - restricted
groups (XP) or do not run these apps policy.

Possibly, more drastic measures such as disabling anonymous connections,
etc. may be able to limit this as well -don't know about that example for
sure though...


--

Paul Williams
_________________________________________
http://www.msresource.net


Join us in our new forums!
http://forums.msresource.net
_________________________________________


Hi Christoffer
We are having a mixture of Windows 2000 with service
pack 4 and Windows 2003 servers
The Users are not in the local administrators group or any
other local group on the remote machine.
They can get into remote PC where they are not members of
any group and play around with shares, event viewer etc

I would expect this capability only for administrators
group on the remote machine.

How can I turn off access to non-admin users


Thanks in Advance
Kiran
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Security Issue with Computer management 3
Prevent some Domain Admin Account from creating USERS, Groups, OUs 2
Intalling windows updates for non admin users through group policy 1
Installation problem - non-admin users 3
Help restrict access to folders to non-administrators 3
Installation problem for non-admin users 1
Blocking non admin users from connecting to MMC from a remote PC 2
How to restrict non administrators from accessing MMC(Microsoft managemanet Cons 1

Top