No announcement yet.

selected server log-in users

  • Filter
  • Time
  • Show
Clear All
new posts

  • selected server log-in users


    how can set-up my dc so that the admin/domain admin are the only users allowed to log-on to the server locally or remotely.


  • #2
    Re: selected server log-in users

    by default, a DC will only allow Domain Admins or Enterprise Admins to logon.

    There are no local administrators on a domain controller.

    if this is a member server and not a domain controller, look into group policy.
    Please do show your appreciation to those who assist you by leaving Rep Point


    • #3
      Re: selected server log-in users

      If you really want to stop other administrators accessing the DC (which they normally need to do), look into "deny logon locally" and "deny logon remotely" user rights in a GPO attached to the DC OU. Be VERY careful in case you lock out the main Administrator, though
      Tom Jones
      MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
      PhD, MSc, FIAP, MIITT
      IT Trainer / Consultant
      Ossian Ltd

      ** Remember to give credit where credit is due and leave reputation points where appropriate **


      • #4
        Re: selected server log-in users

        NT 4.0 Server had a setting(s) where the user could logon as an Administrator using their account but permissions were locked down so they couldn't go and do any damage. I believe, if my memory is working, that one of the restrictions was the inability to make Registry modifications. Don't know if the later Server versions had similar useful restrictions. I believe it was more aimed at junior admins who were still on training wheels.
        Joined: 23rd December 2003
        Departed: 23rd December 2015