Server 2008 and local log on

  • Server 2008 and local log on

    Hi there,

    I have a Server 2008 R2 server, with desktops and a printer. We changed from static hard drives to removable hard drives; the staff has to down the server and remove the drives every night.

    On the server, which is a DC, I enabled the GPO to "Allow Local Logon" and "Allow Shut Down" with a group and added staff to that group.

    I created a test account, non-admin, to test this, and the staff are able to "look around" and get to admin tools, but not change anything.

    Question: Is there any way to set this group to "IF in SHUTDOWNSERVER group and server = \\MYDC" to lock the desktop to shutdown only, or disable the Windows Explorer to keep staff from "exploring" on a DC?

    I was thinking a logon.bat with that argument IF group and IF DC, then restrict.

    Thanks

    b.

  • #2
    Re: Server 2008 and local log on

    What.. the.. hell?
    The staff shut down the server, and remove the drives every night?
    Can I ask why?


    Anyway, to answer your question:

    You could try the "Environment" tab under the user's AD object and set the environment to be a customised shell?


    To further answer:
    Yes, it's possible to create a GPO called "locked-down-server-users".
    Set all the appropriate settings on it,
    then set a WMI filter so it only applies to that group.
    You'll also need to make sure that the GPO gives them "shutdown this computer".
    Please do show your appreciation to those who assist you by leaving Rep Point

    Comment
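
One way to combine the "customised shell" idea from reply #2 with the "IF group and IF DC" check from the original question, as an added example that is not code from any poster in this thread. It assumes a placeholder domain name CONTOSO, a hypothetical script path, and that the script is set as the user's shell through the Group Policy setting User Configuration > Administrative Templates > System > Custom User Interface; the group name SHUTDOWNSERVER and server name MYDC come from the question.

```powershell
# Added example: shutdown-only shell for staff who log on locally to the DC.
# Assumptions (not from the thread): domain name CONTOSO, and that this script
# is launched as the shell by the "Custom User Interface" policy, for example:
#   powershell.exe -NoProfile -File C:\Scripts\ShutdownShell.ps1   (hypothetical path)
# Group name SHUTDOWNSERVER and server name MYDC are taken from the question.

$RestrictedGroup = 'CONTOSO\SHUTDOWNSERVER'   # placeholder domain
$RestrictedHost  = 'MYDC'

function Test-RestrictedSession {
    param([string]$ComputerName, [bool]$InGroup)
    # Restrict only when BOTH conditions hold: on the DC and in the staff group.
    return ($ComputerName -ieq $RestrictedHost) -and $InGroup
}

# Resolve group membership from the logon token rather than parsing text output.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$inGroup   = $principal.IsInRole($RestrictedGroup)

if (-not (Test-RestrictedSession -ComputerName $env:COMPUTERNAME -InGroup $inGroup)) {
    # Session the policy was not meant to restrict: hand over to Explorer.
    # (Assumption: falling back to Explorer is acceptable for these sessions.)
    Start-Process explorer.exe
    return
}

# Restricted path: Explorer is never started, so there is no Start menu,
# desktop or Administrative Tools to browse. The only choices are S and L.
while ($true) {
    $answer = Read-Host 'Type S to shut down the server, or L to log off'
    switch ($answer.Trim().ToUpper()) {
        'S' {
            # Requires the "Shut down the system" user right already granted by GPO.
            & shutdown.exe /s /t 0 /c "Nightly shutdown by $($identity.Name)"
            return
        }
        'L' { & logoff.exe; return }
        default { Write-Host 'Only S or L is accepted.' }
    }
}
```

A replacement shell does not remove Ctrl+Alt+Del, so pair it with the "Remove Task Manager" policy (User Configuration > Administrative Templates > System > Ctrl+Alt+Del Options), otherwise staff can still launch other programs from Task Manager.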


    • #3
      Re: Server 2008 and local log on

      I'm not sure if I understand your statement correctly. It is a bad idea to let the staff access your DC. There are so many things that can go wrong if users are able to access the DC.

      Is there a reason why you need to have the staff remove the drive from the server every night, and for what purpose?

      If you need to transfer data or access data in a different location, you could consider creating some kind of batch file or script to copy the files to the removable drive and let them take that drive instead of the server drive.



      • #4
        Re: Server 2008 and local log on

        Sorry so long responding,

        We have closed storage (removing the server hard drives every night as a customer requirement).

        As each staff is finished, they need to shut down the server, unable to do it remotely, and I don't want staff pulling power.

        B.



        • #5
          Re: Server 2008 and local log on

          Wow.. this customer has worse restrictions than the CIA.

          There are many different ways to prevent remote access than just shutting down the server and pulling out the hard drive.

          I think you or the head of IT really need to sit down with the client and ask the reason and why they are concerned with remote access, and come up with a solution that will meet their requirement.

          I think shutting down the server and pulling out the HDD is not the answer to their solution, or it really doesn't make much sense.

          They will have better security control if the server is not shut down and the hard drive is not removed, because you can prevent access to the server at the network level or on the server itself.

          By removing the hard drive and taking it offsite, the hard drive can easily be cloned and the data compromised easily without them knowing it. Now that is the real security flaw.

          HN



          • #6
            Re: Server 2008 and local log on

            Does the soft-power button on the server work?
            Basically, all they should need to do is walk up to it, make sure the screen is on, press the power button gently and it should issue shutdown to the server.