• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 240
  • Last Modified:

Deny All And Grant Authorization As Needed To Terminal Services Users Without Active Directory

Greetings;

I'm running Windows 2003 Server Standard edition in a workgroup (Active Directory is not installed). I run a software development business and occassionally hire contractors. I need to secure my server such that the contractors only have authorization to what they need.

Ideally, I would like to default to be that contractors have no access other than to login in via terminal services and get to their respective My Documents directory. I would grant access to programs and directories on an as needed basis. This would include Control Panel programs as well (I do not want contractors having access to Administrative Tools).

Is there a straight forward way to accomplish what I'm looking for?


Much thanks ... David
0
David Bach
Asked:
David Bach
  • 3
2 Solutions
 
Jay_Jay70Commented:
Veriman,

your life would be considerably easier with AD.....

Regards,

James
0
 
Kini pradeepPrincipal Cloud and security consultantCommented:
The thing with local policies is that you cannot filter it out to not apply to particular users, example Administrators. however like everything else there is a way out.
normally if you enable the settings in local policy (gpedit.msc console) they apply to administrators as well. you could enble the policies and on C;\windows\system32\group ppolicy folder you can deny permissions for the adminsitrator so that the administrator does not read the templates and the policy does not apply. at this point the administrator would not be able to access the gp object editor..it would give an "access denied" . if the admin wants to then make changes he would have to give permissions to the administrators on the folder and can edit the policies.
I have tried it and it works, but trust me using AD would make it far more easier.
let me know if you need anything else.
0
 
Jay_Jay70Commented:
well there is one way around it that isnt pretty but it works :)

http://support.microsoft.com/kb/293655/
0
 
David BachAuthor Commented:
Thank you Jay and kprad.

I have not experienced success with installing, tailoring and customizing Active Directory on Windows 2003 Server.

I will need to try it again.

David
0
 
Jay_Jay70Commented:
AD is very nice once you step back and look at what you actually want and need - then your life gets much much better
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now