Login for IIS only, not the whole computer

Posted on 2005-03-24
Medium Priority
Last Modified: 2010-04-18
I have an interesting dilemma. I want someone to access pages through IIS, but not to be able to log into the computer behind the IIS. I created a user in the "computer management" program, and they are restricted to the IIS pages I only want them to see through permissions. BUT, if I went to the "Remote Desktop Connection" icon, or even walking up to the computer itself, the user could actually log onto the computer and see files through Windows Explorer. How do I prevent that??    

Question by:Kittrick
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2

Accepted Solution

Znalost earned 2000 total points
ID: 13627008
Hi Kittrick,
Please read below. I assume that your computer/server is not member of windows domain.

Remote desktop connection
In order to prevent user from accessing the server using "Remote desktop connection", uncheck "Allow logon to terminal server" under "Terminal services profile" tab in User properties (your "computer management").
Locally access to computer
I recommend you at the first place to physically secure the server so that only authorized personnel can "walk in" and operate the local keyboard.
You can also modify group policy settings "Allow logon locally" in the way that user who should not have right to logon locally will not be members of groups name under this policy. One way to do it is to remove group "Users" (make sure that the unwanted users are members of the Users group and are not members of the other groups listed in this policy) from "Allow logon locally" policy.
You can access the policy using "Local security settings" in "Administrative tools". Then navigate to "Local policies/User Rights Assignment".

Good luck

Expert Comment

ID: 13676148
Hi Kittrick,
Do you have mor questions? Let me know.

Author Comment

ID: 13703299
That was a great answer Znalost! Thank you very much!


Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question