?
Solved

Deny All And Grant Authorization As Needed To Terminal Services Users Without Active Directory

Posted on 2007-03-27
5
Medium Priority
?
234 Views
Last Modified: 2013-12-04
Greetings;

I'm running Windows 2003 Server Standard edition in a workgroup (Active Directory is not installed). I run a software development business and occassionally hire contractors. I need to secure my server such that the contractors only have authorization to what they need.

Ideally, I would like to default to be that contractors have no access other than to login in via terminal services and get to their respective My Documents directory. I would grant access to programs and directories on an as needed basis. This would include Control Panel programs as well (I do not want contractors having access to Administrative Tools).

Is there a straight forward way to accomplish what I'm looking for?


Much thanks ... David
0
Comment
Question by:David Bach
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 18804270
Veriman,

your life would be considerably easier with AD.....

Regards,

James
0
 
LVL 13

Accepted Solution

by:
Kini pradeep earned 1000 total points
ID: 18806001
The thing with local policies is that you cannot filter it out to not apply to particular users, example Administrators. however like everything else there is a way out.
normally if you enable the settings in local policy (gpedit.msc console) they apply to administrators as well. you could enble the policies and on C;\windows\system32\group ppolicy folder you can deny permissions for the adminsitrator so that the administrator does not read the templates and the policy does not apply. at this point the administrator would not be able to access the gp object editor..it would give an "access denied" . if the admin wants to then make changes he would have to give permissions to the administrators on the folder and can edit the policies.
I have tried it and it works, but trust me using AD would make it far more easier.
let me know if you need anything else.
0
 
LVL 48

Assisted Solution

by:Jay_Jay70
Jay_Jay70 earned 1000 total points
ID: 18806036
well there is one way around it that isnt pretty but it works :)

http://support.microsoft.com/kb/293655/
0
 

Author Comment

by:David Bach
ID: 18808669
Thank you Jay and kprad.

I have not experienced success with installing, tailoring and customizing Active Directory on Windows 2003 Server.

I will need to try it again.

David
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 18812975
AD is very nice once you step back and look at what you actually want and need - then your life gets much much better
0

Featured Post

Ransomware Attacks Keeping You Up at Night?

Will your organization be ransomware's next victim?  The good news is that these attacks are predicable and therefore preventable. Learn more about how you can  stop a ransomware attacks before encryption takes place with our Ransomware Prevention Kit!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
Know what services you can and cannot, should and should not combine on your server.
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Suggested Courses
Course of the Month11 days, 3 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question