GPO explanation on Access this computer from the network..

  • Thread starter Thread starter TonyV
  • Start date Start date
T

TonyV

Can anyone explain to me the functionality of the
Security Settings/Local Policies/User Rights
Assignments/ "Access this computer from the network"
Policy setting.

I was wondering if I enable this under my Computers OU
Group Policy with a specified user that I can restrict
the use of that computer to only the individual or group
I assign it too. Is this true?

I guess I would also like an explanation of the "Deny
this computer from the network" also.

Thank you for any help, I've been searching for an answer
for some time and can't seem to understand it's use.

Tony
 
The "Documentation" for this feature is located here....

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/524.mspx

Although


Although it ain't the best I've seen, the setting is pretty self
explanatory.. the interpretation is that this policy would allow the
specified users to connect via the network (smb, rpc, etc...)
Apparently Terminal Services or Remote Desktop would be unaffected.

If you were to remove administrators from this policy then your server
administrators would be unable to access the machine for remote
administration, file shares etc.

One reason this might be desirable is for a "Secured Admin Workstation"
in which the machine is only accessable via the console.

check out...

http://www.winnetmag.com/Articles/ArticleID/2874/pg/2/2.html for more
information.

Although this sort of setup is a little extreme for some environments,
it could have merits in certain places.

Brent
 
Thanks Brent,

Yes this is to prevent students for using other students
machines in a college environment when projects are due.
The quality and availabilty of machines is limited.

I was looking for a way to isolate the use of the
machines to only particular grad students.

Tony
 
Ok Tony,

Try this instead...

Create a group and add the grad students to it. Then assign the

Computer Settings>Windows Settings>Security Settings>Local
Policies>User Rights Assignment> LOG ON LOCALLY right to only that
group.

that should allow only the grad students to access the machine from the
console.

Brent
 
Great Brent...Thank you much, it works exactly the way
that I want it now. I guess I need to try and get my
thought process running in the Microsoft direction since
I didn't clearly understand it.

You were a great help.

Tony
 
Back
Top