Ftp and Logon locally rights

  • Thread starter Thread starter m0rk
  • Start date Start date
M

m0rk

I have a remote site with 1 DC, the only server. I also want to allow
FTP for a network scanner that will drop the files into the folder
without user intervention.

The only way I can get this to work currently is either:-

1. Set it to anonymous logon, works fine. Not what I want to do.
2. Stop anonymous and give the user account logon local rights to the
server which also works fine.

Can I set an AD user account on this W2k DC rights to logon locally only
to this server and not all dc's in the domain? Would this be through the
local security policy or a group policy?
 
m0rk said:
I have a remote site with 1 DC, the only server. I also want to allow
FTP for a network scanner that will drop the files into the folder
without user intervention.

The only way I can get this to work currently is either:-

1. Set it to anonymous logon, works fine. Not what I want to do.
2. Stop anonymous and give the user account logon local rights to the
server which also works fine.

Can I set an AD user account on this W2k DC rights to logon locally only
to this server and not all dc's in the domain? Would this be through the
local security policy or a group policy?
Click to expand...

Not all DC's what? DC's is possessive. DCs is plural.

You would have to modify the local security policy since group policies
only go down to the OU level and all your domain controllers would be in
the same "domain controllers" OU and thus they would all get the change.
 
Incorrect. Local policies are always overidden by group policies.

--
Manny Borges
MCSE NT4-2003 (+ Security)
MCT, Certified Cheese Master

There are 10 kinds of people in the world. Those who do understand binary
and those who don't.
 
Not all DC's what? DC's is possessive. DCs is plural.

You would have to modify the local security policy since group policies
only go down to the OU level and all your domain controllers would be in
the same "domain controllers" OU and thus they would all get the change.
Click to expand...

The local policy is overiden by the domain controller policy which
applies to all the domain controllers, I wanted to limit the logon
locally to the specific dc but seeing as the local policy is overidden
by the domain one I wasnt sure I could.

Am I mistaken? It just seems an odd requirement for ftp to work with a
username/password to require logon locally rights.
 
Back
Top