how can I limit ts local user on a stand alone server?

Discussion in 'Server Security' started by alex, Apr 27, 2009.

  1. alex

    alex Guest

    I have a 2003 srv stand alone (not domain), I need to limit some teminal
    server user, for exmple not shut down, remove items from start menu and
    other things that are easy to do with gpo and domain.
    I've tryed to modify the local policy, section user, but the the policy are
    applyed to ALL users, included administrator.
    How can I make a local policy and have it appied only to some users?
    Thank you
    Alex
     
    alex, Apr 27, 2009
    #1

    1. Advertisements

  2. alex

    Meinolf Weber [MVP-DS] Guest

    Hello Alex,

    You can edit for some security settings the "Local security policy", Local
    policies, User rights assignment:
    "Shut down the system"

    Additional have a look at this article:
    http://support.microsoft.com/kb/325351

    Best regards

    Meinolf Weber
     
    Meinolf Weber [MVP-DS], Apr 27, 2009
    #2

    1. Advertisements

  3. alex

    alex Guest

    yes but then the policy apply to all users, included administrator!!
     
    alex, Apr 27, 2009
    #3
  4. alex

    alex Guest

    sorry, I've read just now the article... Thank you!
     
    alex, Apr 27, 2009
    #4
  5. alex

    Meinolf Weber [MVP-DS] Guest

    Hello Alex,

    For the "shut down the system" setting you add the groups that are allowed
    to do it. So you can only use the administrators group. For the rest you
    have the article as you saw.

    Best regards

    Meinolf Weber
     
    Meinolf Weber [MVP-DS], Apr 27, 2009
    #5
  6. alex

    alex Guest

    I've tryed with the article, but if administrator run gpupdate / force the
    policy are reapplyed also to administrator.
     
    alex, Apr 27, 2009
    #6
  7. alex

    Meinolf Weber [MVP-DS] Guest

    Hello Alex,

    If you follow the steps in the article there is no need to run gpupdate command.
    The machine is a workgroup machine and not only disconnected from a domain?

    Best regards

    Meinolf Weber


     
    Meinolf Weber [MVP-DS], Apr 27, 2009
    #7
  8. alex

    alex Guest

    it's a workgroup server. I follow the article and it works fine, but if
    somebody runs gpupdate the stict policy is reapplyed to administrator. In
    this case administrator will loose his role...
    Maybe I can try to deny administrator read permission on registry.pol ...

     
    alex, Apr 27, 2009
    #8
  9. alex

    Meinolf Weber [MVP-DS] Guest

    Hello Alex,

    Reconfigure gpupdate.exe permissions for administrators only. I can not test
    it in the moment. Maybe i will find later on some time.

    Best regards

    Meinolf Weber


     
    Meinolf Weber [MVP-DS], Apr 28, 2009
    #9

    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.
Similar Threads

  1. "Run As" a domain user from a stand alone PC?

  2. Stand alone XP machine connecting to WIN2003 Server on VPC

  3. Possible? Create Trust Rel. btwn Stand-Alone Server & Domain?

  4. Stand Alone NTP Server

  5. Small Business Server to stand alone server

  6. can't connect to w2k3 AD shares from w2k stand alone server

  7. Add a user to a stand alone server

  8. Can't log in with NT stand alone

Loading...