2k3 without AD


  • 2k3 without AD

    Hi,

    I have just setup a Windows 2003 server -- Standalone -- No ADS.

    Is it possible to setup USER Level permission (user A can do this and User B cannot do this), without an ADS ?

    Thank you.

    regards, Sandeep

  • #2
    Re: 2k3 without AD

    Hi, sandeep.
    There isn't supposed to be a problem, but what do you want to achieve?
    Do you need file permissions? Rights to do things on the server (like shutdown and such)? And where are these users coming from? They login locally? They come from the network?
    Please supply us a little bit more info, so we can help you.
    10nx.

    Sorin Solomon


    In order to succeed, your desire for success should be greater than your fear of failure.
    -



    • #3
      Re: 2k3 without AD

      Sandeep_from,

      as sorinso advised - please provide as much information as possible - we're not mind readers... yet.

      Please refer to the forum rules:

      http://forums.petri.com/announcement.php?f=25

      Thanks

      Michael
      Michael Armstrong
      www.m80arm.co.uk
      MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

      ** Remember to give credit where credit is due and leave reputation points where appropriate **



      • #4
        Re: 2k3 without AD

        Hi Sorin, Thank you for your prompt reply.

        The users will connect using R-Desktop. A thin client setup.
        Everyone logs-in from their dumb terminals on to the server.

        This is the only server in the office -- and a very small office (6 nodes and one 2k3 server). A very simple setup.
        I need a very simple solution, as I am not very technical.

        Thus far I have not set up the ADS. It seems too complicated to me.

        I just need to allow & deny certain applications to certain users.

        Like User-A can run IExplorer.Exe and User-B cannot.

        Pls advise how I can do this, in the simplest possible way.

        Thank you once again.

        regards,
        Sandeep



        • #5
          Re: 2k3 without AD

          Yeah that can be done easily.
          First of all you need to create the user accounts. To do that easily, go to
          Start > Run > compmgmt.msc > Local Users
          and now you can create the 2 users.

          Give each user the permission needed.
          Since they are going to log on via a remote desktop, add them to the allowed users to log on remotely and you are done.

          Update me if you need information concerning any of the above steps.
          Best regards,
          Mostafa Itani

          ** Remember to give credit where credit is due and leave reputation points where appropriate **



          • #6
            Re: 2k3 without AD

            Hello Mostafa (Sanvour),
            Thank you for your reply.

            I have successfully created 2 users.
            Remote access setup successfully. They can login remotely via R-Desktop.

            But I am stuck on "how to give permissions"

            May I request you to pls advise the steps for this.

            For example, how to setup permission as follows:

            User-A: Cannot Access nero.exe
            User-B: Can access nero.exe
            ----------
            User-B: Cannot access CDROM
            User-A: Cannot access CDROM


            Thank you in advance.

            regards,
            Sandeep



            • #7
              Re: 2k3 without AD

              One more quick request:
              How can I disable User-A from installing any new application.

              Thx again.

              Sandeep



              • #8
                Re: 2k3 without AD

                Wow! Tough one...
                Hmmmmmm...
                I think it won't be easy to achieve, if at all...
                The only way I found was through NTFS permissions on the application itself, like this:
                - created two local users, user1 and user2;
                - created a Group, called IEPrevent;
                - added user1 to this group;
                - went to C:\Program Files\Internet Explorer and changed the NTFS permission of the IEXPLORE.EXE to: IEPrevent -> Deny Read and Execute ;
                - logged on through RDP with user1, couldn't run IE. Logged on with user2, there was no problem.

                As you can see, this is far from being a nice solution. But it's the only one I found so far. It will be hard to implement, if you have a lot of users and applications.
                Hope it helps.

                I apologize in front for this under-satisfactory solution...
                Last edited by sorinso; 18th January 2007, 15:31.

                Sorin Solomon


                In order to succeed, your desire for success should be greater than your fear of failure.
                -
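
The steps from post #8, scripted for a command prompt as an added example that is not part of the original thread. It assumes Windows Server 2003 SP2 (which includes icacls.exe), an Administrator prompt, and that the local account user1 already exists; the group, user and file names are the ones sorinso used.

```batch
@echo off
rem Added example: deny one local group Read & Execute on a single program.
rem Assumptions: Server 2003 SP2 (icacls.exe present), run as Administrator,
rem local account user1 already created (for example via compmgmt.msc).
setlocal
set "GROUP=IEPrevent"
set "MEMBER=user1"
set "TARGET=C:\Program Files\Internet Explorer\IEXPLORE.EXE"

if not exist "%TARGET%" (
    echo Target file not found, nothing changed.
    exit /b 1
)

rem Create the local group only if it does not exist yet.
net localgroup "%GROUP%" >nul 2>&1
if errorlevel 1 (
    net localgroup "%GROUP%" /add /comment:"Members may not run Internet Explorer"
    if errorlevel 1 exit /b 1
)

rem Add the restricted user unless it is already listed as a member.
net localgroup "%GROUP%" | findstr /i /x /c:"%MEMBER%" >nul
if errorlevel 1 (
    net localgroup "%GROUP%" "%MEMBER%" /add
    if errorlevel 1 exit /b 1
)

rem Add an explicit Deny ACE for Read & Execute; existing ACEs are kept.
icacls "%TARGET%" /deny "%GROUP%:(RX)"
if errorlevel 1 exit /b 1

rem Print the resulting ACL so the DENY entry can be checked by eye.
icacls "%TARGET%"

rem To undo the restriction later:
rem   icacls "%TARGET%" /remove:d "%GROUP%"
endlocal
```

Group membership is read at logon, so user1 has to log off and back on before the deny applies. The ACE covers this one file only; other users, such as user2 in the post, are unaffected.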



                • #9
                  Re: 2k3 without AD

                  Originally posted by sandeep_from
                  One more quick request:
                  How can I disable User-A from installing any new application.

                  Thx again.

                  Sandeep
                  I believe by default, accounts in the Users group will not be able to install applications as Users should only have Read Execute privs on the necessary directories and limited privs on the registry.
                  Cheers,

                  Rick

                  ** Remember to give credit where credit is due and leave reputation points where appropriate **

                  2006-2099 R Valstar. This post is offered "as is" for discussion purposes only with no express or implied warranty of any kind including, but not limited to, correctness or fitness for use. Nothing herein shall be construed as advice. Attempting any activity based on information in this post is done at your own risk.



                  • #10
                    Re: 2k3 without AD

                    Hi Sorin,
                    Thank you for your suggestions.

                    I believe if I install ADS, I will have a straight way to setup permissions per user?

                    Thou' I do not wish to go the ADS way.

                    If nothing else works, I will need to implement what you have suggested.

                    Hope someone has more ideas

                    Thanks always.

                    regards,
                    Sandeep



                    • #11
                      Re: 2k3 without AD

                      By default a normal user cannot install new applications; he does not have the privilege to do that.

                      Another solution for denying access to CDROMs is from the hardware profile. Disable the CD ROM in a profile and allow it in another one.

                      Concerning Nero you can use Nero Burning Rights found inside Control Panel.

                      Hope I was able to help
                      Best regards,
                      Mostafa Itani

                      ** Remember to give credit where credit is due and leave reputation points where appropriate **



                      • #12
                        Re: 2k3 without AD

                        Originally posted by sorinso
                        I apologize in front for this under-satisfactory solution...
                        It's what I would do if I didn't have a proxy server.

                        OP may want to mess w/ the All Users Desktop and Start Menu directories and pull shortcuts out / move them to individual users' directories as appropriate.
                        Cheers,

                        Rick

                        ** Remember to give credit where credit is due and leave reputation points where appropriate **

                        2006-2099 R Valstar. This post is offered "as is" for discussion purposes only with no express or implied warranty of any kind including, but not limited to, correctness or fitness for use. Nothing herein shall be construed as advice. Attempting any activity based on information in this post is done at your own risk.



                        • #13
                          Re: 2k3 without AD

                          Originally posted by sandeep_from
                          I believe if I install ADS, I will have a straight way to setup permissions per user?
                          Indeed, it will give you almost everything you ever wanted in the computer way... But installing AD for 6 computers and one server... Especially when you said about yourself
                          Originally posted by sandeep_from
                          I am not very technical
                          As rvalstar pointed out, you won't have any problem with users installing applications. They don't have the permissions, as long as you keep them as Users.

                          Sorin Solomon


                          In order to succeed, your desire for success should be greater than your fear of failure.
                          -



                          • #14
                            Re: 2k3 without AD

                            Thank you all.
                            With such prompt support, I am beginning to enjoy this tech work & forum.


                            Just tested installing an application as User-A. I could not.
                            So one problem is solved.

                            Even CDROM issue seems resolved. I will try it later.

                            Concerning Nero you can use Nero Burning Rights found inside Control Panel.
                            Nero.exe was just an example

                            Now the main query remains : Application level control.

                            Any thoughts ??

                            regards,
                            Sandeep



                            • #15
                              Re: 2k3 without AD

                              Just be aware that if you use hardware profile method, it will be system-wide (meaning that even the Administrator won't be able to access it). And if you want to change profile, you'll have to boot the server.
                              I would disable the CD through Disk Management. Right click on the CD, Properties, Disable. If you want to go to a hardware solution.

                              Sorin Solomon


                              In order to succeed, your desire for success should be greater than your fear of failure.
                              -
