Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 166
  • Last Modified:

Login for IIS only, not the whole computer

I have an interesting dilemma. I want someone to access pages through IIS, but not to be able to log into the computer behind the IIS. I created a user in the "computer management" program, and they are restricted to the IIS pages I only want them to see through permissions. BUT, if I went to the "Remote Desktop Connection" icon, or even walking up to the computer itself, the user could actually log onto the computer and see files through Windows Explorer. How do I prevent that??    

Thanks!
Kittrick
0
Kittrick
Asked:
Kittrick
  • 2
1 Solution
 
ZnalostCommented:
Hi Kittrick,
Please read below. I assume that your computer/server is not member of windows domain.

Remote desktop connection
-------------------------------
In order to prevent user from accessing the server using "Remote desktop connection", uncheck "Allow logon to terminal server" under "Terminal services profile" tab in User properties (your "computer management").
Locally access to computer
-----------------------------
I recommend you at the first place to physically secure the server so that only authorized personnel can "walk in" and operate the local keyboard.
You can also modify group policy settings "Allow logon locally" in the way that user who should not have right to logon locally will not be members of groups name under this policy. One way to do it is to remove group "Users" (make sure that the unwanted users are members of the Users group and are not members of the other groups listed in this policy) from "Allow logon locally" policy.
You can access the policy using "Local security settings" in "Administrative tools". Then navigate to "Local policies/User Rights Assignment".

Good luck
0
 
ZnalostCommented:
Hi Kittrick,
Do you have mor questions? Let me know.
0
 
KittrickAuthor Commented:
That was a great answer Znalost! Thank you very much!

Kittrick
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now