כניסה
 
עמוד הביתספריהלמדהורדותאיתר וטיפל בבעיותקהילהפורומים
משאבים למומחי מחשוב >
Local Accounts

תשובה Local Accounts

  • יום רביעי 23 מאי 2012 22:32
     
     
    היכנס כדי להצביע
    0

    I am looking at server that is part of a domain, its local password policies are MS default policies. Some accounts are domain accounts, other accounts are local accounts to the server.  If someone does not have physical access to the console in the data centre. Can someone access those local accounts? If so how do they access them?

    Jay, CISA, GPEN, Security+

     

כל התגובות

  • יום חמישי 24 מאי 2012 07:11
     
     
    היכנס כדי להצביע
    0

    Hi,

    You can enable the Remote Desktop on the server and then add the local user accounts in the Remote Desktop Users group on the server.

    The users can remote access the server by Remote Desktop.

    For more information:

    Enable Remote Desktop

    http://technet.microsoft.com/en-us/library/cc782195(v=ws.10).aspx

    Regards, Terry | My Blog: http://terrytlslau.tls1.cc

    This posting is provided “AS IS” with no warranties, and confers no rights.

     
  • יום חמישי 24 מאי 2012 09:30
    מנחה דיון
     
     תשובה
    היכנס כדי להצביע
    1

    Hi,

    I’d like to confirm to that you mean Remote Desktop connection.

    Please try to configure the Allow users to connect remotely using remote desktop Services policy and Restrict Group policy to achieve the target.

    For details:

    Allow users to connect remotely using remote desktop Services
    ===========================================
    1. Windows Server 2008 R2: Computer Configuration ->Policies ->Administrative Templates ->Windows Components ->remote desktop Services ->remote desktop Session Host ->Connections ->Allow users to connect remotely using Remote Desktop Services
    2. Window Server 2003/2008: Computer Configuration ->Administrative Templates ->Windows Components ->Terminal Services ->Allow users to connect remotely using Terminal Services

    Restrict Group
    ==========
    1. Computer Configuration -> Policies -> Windows Settings -> Security Settings
    2. Right-click Restricted Groups, and then click Add Group.
    3. Click Browse, add Remote Desktop Users, click Ok.
    4. Add the members  what you want.

    Allow log on through Terminal Services(RDS on DC)
    ==========================
    Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment -> Allow log on through Terminal Services


    Hope this helps!

    Best Regards
    Elytis Cheng

     

    Elytis Cheng

    TechNet Community Support

     
  • יום חמישי 24 מאי 2012 17:08
     
     
    היכנס כדי להצביע
    0
    Thanks for the information!