|
Focus on Microsoft
Restricting account to a computer only Oct 05 2004 05:09PM Paul Aviles (paviles adjoined com) (2 replies) RE: Restricting account to a computer only Oct 06 2004 02:00AM Laura A. Robinson (laurarobinson earthlink net) |
|
|
Privacy Statement |
machine to a domain, the domain admins group is added to the local
admin group, which has local logon right on both desktops and server),
and Domain users can only logon to workstations because Server does
not grant the local logon right to the local users group (which
contains the Domain Users group). Any account that is not a member of
either domain admins or users should not have any logon rights
anywhere. So, for your scenario, I might look at creating a user with
no group membership, and explicitly granting that account user rights
on the machine(s) as necessary. If you have multiple machines and/or
accounts performing this task, then I would probably use some
combination of group policy and groups to get this done
That said, figuring out what you need to assign might be difficult.
Does the product you are deploying (I am assuming it is a product due
to E2k not needing a service account) fully document what rights its
account needs?
On Tue, 5 Oct 2004 13:09:55 -0400, Paul Aviles <paviles (at) adjoined (dot) com [email concealed]> wrote:
> We want to restrict a service account only to login to one computer for
> security reasons.
>
> This is for an exchange 2000 server and obviously we don't want anyone
> to use the account/password to read people's emails since the account
> must be a member of the Domain Exchange Admin (yeah/neah?). I found an
> option under Account / Login To, but it says at the top "This feature
> requires the NetBIOS protocol. In Computer Name, type the pre-Windows
> 2000 computer name". We obviously don't use NetBios, is there any other
> way to do this?
> To make things even better... The Exchange server is also a DC...... I
> didn't do it...
>
> The same concern I have if we create an account and put them in the
> Backup Operators group. What can restrict that account to login only on
> servera for example and not in all other workstations n the domain?
>
> Thanks so much for your help.
>
> Paul
>
> ------------------------------------------------------------------------
---
> ------------------------------------------------------------------------
---
>
>
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
[ reply ]