J
JMF
Does anyone know if I can give a user Admin rights but
remove their rights from actually loging onto the Server
console?
remove their rights from actually loging onto the Server
console?
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
S
Steven Umbach
You could add his user account to the deny logon locally user right assignment
for that computer in a GPO for an OU that contained that computer. That is
assuming he is the local administrator and not a domain admins, as a domain
admins could reverse that setting if he knew how. You could configure it in
Local Security Policy, but it would be much easier for him to try to
reverse. --- Steve
for that computer in a GPO for an OU that contained that computer. That is
assuming he is the local administrator and not a domain admins, as a domain
admins could reverse that setting if he knew how. You could configure it in
Local Security Policy, but it would be much easier for him to try to
reverse. --- Steve
G
Guest
That would work but if this is a Terminal Server it would
stop the user from being able to logon at all, right?
This users needs admin rights to administer users, but has
no reason to logon the console, is there maybe a third
party program that would allow me to secure the console?
Thanks for all your help.
JMF
stop the user from being able to logon at all, right?
This users needs admin rights to administer users, but has
no reason to logon the console, is there maybe a third
party program that would allow me to secure the console?
Thanks for all your help.
JMF
S
Steven L Umbach
Yes if you are needing this user to access TS, then in W2K he will need to logon
locally. Using TS to logon as an administrator will still give him almost unlimited
power on that computer. I don't know if third party programs require logon locally
but would not surprise me if they did. Keep in mind that a power user can also manage
local users that are regular users that they have created and create new non
administrator accounts, and create shares. If you have to have him as an
administrator, he may not need local logon user rights but can also manage users
remotely via Computer Management/local users and groups. -- Steve
locally. Using TS to logon as an administrator will still give him almost unlimited
power on that computer. I don't know if third party programs require logon locally
but would not surprise me if they did. Keep in mind that a power user can also manage
local users that are regular users that they have created and create new non
administrator accounts, and create shares. If you have to have him as an
administrator, he may not need local logon user rights but can also manage users
remotely via Computer Management/local users and groups. -- Steve