Windows 2003 security
Join Date: Sep 2005
Posts: 1
Hi guys, this is my first post and it's a troublesome one. I have been at this for 3 days, please can someone help.
OK here is what I want to accomplish:
I have 6 Servers all running Win '03 server standard
Server 1 : Configured as a Domain Controller w/ Active Directory
Server 2 : Configured as a Domain Controller w/ Active Directory + file server
Server 3 : Non DC w/o AD, Runs ISA Server
Server 4 : Non DC w/o AD, Runs Sharepoint
Server 5 : Non DC w/o AD, DC Runs several Databases (SQL Server and MaxDB are the main ones)
Server 6 : Non DC w/o AD, Just a crash and burn server used for testing and where I get to game on my lunch hour
Now.... I have a user who will be logging in remotely using terminal services. I need to give him Access to only the Sharepoint Server so he can manage sharepoint ***ONLY***. I don't even want him to be able to access any network shared resources from any of the other servers.
The user is set up to log in remotely using Terminal Services. However, I find that the user needs to be in some sort of Admin security group (Administrators, Domain Admins, Ent Admins, etc....) to be able to log in remotely, or even locally for that matter, to any of the NON Domain Controller servers.
Domain Controller group policy and the local policies on all the other servers read the same for the following user rights.
Allow login locally = Administrators; Remote Desktop users
Allow login through Terminal Services = Administrators; Remote Desktop users
Then I manually set the following user right on all the servers I didn't want him to access
Deny login locally = <his user name>
Deny login through Terminal Services = <his user name>users
This actually works to keep him from using terminal services to log in to any of the other servers. But remember that if I don't have him in at least one admin security group he can't log in to any of the NON DC servers. So of course once he gets into the sharepoint server he has all the access in the world to all of our top secret data through their network shares.
So I guess my questions are:
1.) Am I going about this the right way?
2.) Would it make a difference if all the servers were domain controllers?
3.) Would it make a difference if all the servers had the Role of active directory?
4.) Why is a user required to be in an admin security group to be able to log in through terminal services on a server that is not a domain controller?
5.) How much wood could a woodchuck chuck if a woodchuck could chuck wood. :eek:
Thanx in advance :cheesy:
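
The user-rights layout described in the post, as an added example that is not part of the original post: a Python check that reads the `[Privilege Rights]` section of a `secedit /export` file per server and reports whether an account's token satisfies the allow rights without hitting a deny. The sample exports and the account name `spadmin` are constructed, and the check covers only user-rights assignments, not share or NTFS permissions.

```python
import configparser

# Well-known SIDs as written in a `secedit /export` file (leading "*").
ADMINISTRATORS = "*S-1-5-32-544"
REMOTE_DESKTOP_USERS = "*S-1-5-32-555"

# Constructed sample export for the SharePoint server: the "allow" rights the post lists.
SHAREPOINT_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-555
SeRemoteInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-555
"""
# Constructed sample for the other servers: same allows plus the two denies.
# "spadmin" is a hypothetical account name.
OTHER_INF = SHAREPOINT_INF + (
    "SeDenyInteractiveLogonRight = spadmin\n"
    "SeDenyRemoteInteractiveLogonRight = spadmin\n"
)

def parse_rights(inf_text):
    """Return {right name: set of lower-cased principals} from [Privilege Rights]."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep the case of the right names
    cp.read_string(inf_text)
    return {right: {p.strip().lower() for p in value.split(",") if p.strip()}
            for right, value in cp["Privilege Rights"].items()}

def can_log_on(rights, token, remote=True):
    """token: the account name plus every group SID it is a member of."""
    token = {p.lower() for p in token}
    allow = "SeRemoteInteractiveLogonRight" if remote else "SeInteractiveLogonRight"
    deny = "SeDenyRemoteInteractiveLogonRight" if remote else "SeDenyInteractiveLogonRight"
    if rights.get(deny, set()) & token:
        return False  # an explicit deny wins over any allow
    return bool(rights.get(allow, set()) & token)

def audit(servers, token):
    """Map server name -> (local logon ok, Terminal Services logon ok)."""
    return {name: (can_log_on(parse_rights(inf), token, remote=False),
                   can_log_on(parse_rights(inf), token, remote=True))
            for name, inf in servers.items()}

if __name__ == "__main__":
    servers = {"sharepoint": SHAREPOINT_INF, "database": OTHER_INF}
    for label, token in [("RDP Users only", {"spadmin", REMOTE_DESKTOP_USERS}),
                         ("Administrators", {"spadmin", ADMINISTRATORS})]:
        print(label, audit(servers, token))
```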





