Every User Can log on to any computer in the Domain and access any files.


  • Monday, December 31, 2012 11:55 AM
     
     

    Dear,

    In my domain, Mail Server is integrated to AD. System and Mail Password is same of all users. Now one thing I need to do in my domain. A huge Security hole is opened in my domain. That is, every user can log on to any PC and access any files or drive except "C://Users". Suppose A is a domain user and B is another domain user. Now A can log on to B's computer and access all the files and drives. B can also do the same. That means each user can copy or delete in the domain. So please give me a solution to protect it.

    Regards,

    Sk Sabbir Ali



All Replies

  • Monday, December 31, 2012 2:16 PM
     
     

    Hello,

    > System and Mail Password is same of all users. Now one thing I need to do in my domain. A huge Security hole is opened in my domain.

    The same password is your security hole!

    You need to let every user change its password.

    dsquery user OU=Sales,DC=domain,DC=intern | dsmod user -mustchpwd yes

    PS:
    Your question has less to do with Group Policies.


    MVP Group Policy - Myths, insider information and troubleshooting on the topic of GPOs: Let's go, use GPO!



  • Monday, December 31, 2012 4:24 PM
     
     
    Sorry, my question was: Suppose I have 100 users in my domain. So 100 users have their different computer and user name/password. Hence, every user can log on to their computer as well as log on to any computer in the domain. So, there is an issue of security. Like, if A logs on to B’s computer with A’s credentials (both users are Domain User), then A will be able to access B’s Files, Drives with read/write permission. It should not happen. Here, I want to set permission to all users that if someone logs on to other computer with his/her credential, then he/she cannot access files, folders etc. of others. So how to set permission through GP.

    Sk Sabbir Ali

  • Monday, December 31, 2012 5:10 PM
     
     Answered

    Hello Sabbir,

    Ok, I understand.
    You can assign a home drive to every user and tell your users that they should save their data only on this home drive.

    If they save their data in the user profile, the others also won't be able to read this data (if they are not admins on this computer).

    Another way would be to assign one computer to every user.
    This way they can only log on to this specific computer:

    http://technet.microsoft.com/en-us/library/dd145547.aspx

    Please have a look at "Log On To".


    MVP Group Policy - Myths, insider information and troubleshooting on the topic of GPOs: Let's go, use GPO!
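
    The two measures suggested in the answer above (a private home drive per user, and limiting each account to its own workstation through "Log On To"), as an added PowerShell example that is not part of the original thread. It assumes the ActiveDirectory RSAT module, a hypothetical share `\\fs01\home$`, and a constructed user-to-workstation mapping; the OU is the one from the dsquery command earlier in the thread.

```powershell
#Requires -Modules ActiveDirectory
# Added example. Assumptions (not values from the thread):
#   \\fs01\home$  - hypothetical share that holds the home folders
#   $assignments  - constructed mapping of account name -> workstation name
$homeRoot    = '\\fs01\home$'
$searchBase  = 'OU=Sales,DC=domain,DC=intern'   # OU from the thread's dsquery example
$assignments = @{
    'usera' = 'PC-A01'
    'userb' = 'PC-B01'
}

foreach ($user in Get-ADUser -SearchBase $searchBase -Filter * -Properties LogonWorkstations) {
    $sam = $user.SamAccountName
    $pc  = $assignments[$sam]
    if (-not $pc) {
        Write-Warning "No workstation mapped for $sam; account left unchanged."
        continue
    }

    # 1. Private home folder: create it if missing.
    $path = Join-Path $homeRoot $sam
    if (-not (Test-Path $path)) {
        New-Item -ItemType Directory -Path $path | Out-Null
    }

    # 2. Drop inherited ACEs and grant access only to the owning user (Modify),
    #    BUILTIN\Administrators (S-1-5-32-544) and SYSTEM (S-1-5-18).
    icacls $path /inheritance:r /grant:r `
        "*$($user.SID):(OI)(CI)M" `
        "*S-1-5-32-544:(OI)(CI)F" `
        "*S-1-5-18:(OI)(CI)F" | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "icacls failed on $path; AD attributes for $sam not changed."
        continue
    }

    # 3. Map the folder as H: at logon and restrict interactive logon to the
    #    assigned workstation (the "Log On To" setting, attribute userWorkstations).
    Set-ADUser -Identity $user -HomeDrive 'H:' -HomeDirectory $path -LogonWorkstations $pc
}

# Review the result: accounts still showing an empty LogonWorkstations can log on anywhere.
Get-ADUser -SearchBase $searchBase -Filter * -Properties HomeDirectory, LogonWorkstations |
    Select-Object SamAccountName, HomeDirectory, LogonWorkstations
```

    Services that authenticate users on their behalf, such as the AD-integrated mail server mentioned in the question, may need to be added to the "Log On To" list as well, so try the change on one account first. The script does not touch NTFS permissions on local data drives of the workstations.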


  • Friday, January 04, 2013 12:48 PM
     
     
     
    > Sorry my question was, Suppose I have 100 users in my domain. So 100
    > users have their different computer and user name/password. Hence,
    > every user can log on to their computer as well as log on to any
    > computer in the domain. So, there is an issue of security. Like, if A
    > log on to B’s computer with A’s credentials (both users
     
    To clarify further what Matthias already said: Say "goodbye" to thinking
    of a computer being the computer of a given user. A computer is a
    computer with shared resources (anybody can access them) and private
    resources (only the owning user can access them).
     
    This is NOT a security hole of any kind...
     

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    If my answer was helpful, I'm glad about a rating!
  • Friday, January 04, 2013 1:45 PM
    Moderator
     
     
    > Sorry, my question was: Suppose I have 100 users in my domain. So 100 users have their different computer and user name/password. Hence, every user can log on to their computer as well as log on to any computer in the domain. So, there is an issue of security. Like, if A logs on to B’s computer with A’s credentials (both users are Domain User), then A will be able to access B’s Files, Drives with read/write permission. It should not happen. Here, I want to set permission to all users that if someone logs on to other computer with his/her credential, then he/she cannot access files, folders etc. of others. So how to set permission through GP.
    >
    > Sk Sabbir Ali

    This is a cross post!

    Protect Domain Users to Access Files After Log On To Other Computer


    Regards, Santosh

    I do not represent the organisation I work for, all the opinions expressed here are my own.

    This posting is provided "AS IS" with no warranties or guarantees and confers no rights.

    Whenever you see a helpful reply, click on Vote As Helpful & click on Mark As Answer if a post answers your question.