[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Best practice of securing a system

Posted on 2007-09-28
8
Medium Priority
?
307 Views
Last Modified: 2012-05-05
Hi,

What is the steps i need to take to best secure my system.
Ex:
No one except me should login on the console.
Only my name should be allowed through Mstsc
Any other suggestions.

Regards
Sharath
0
Comment
Question by:bsharath
  • 5
  • 3
8 Comments
 
LVL 8

Accepted Solution

by:
mailtosinghs earned 2000 total points
ID: 19983091
you have to configure the security settings using group policy or local policy


configure following at "Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment"

"Allow log on locally" for console log on, remove any everyone or other group and add your user name.


"Allow log on through Terminal Services" for mstsc logon, administrator has access by default you can add remove groups and user names.


you configure this using GPMC for domain policy or gpedit.msc for local policy
0
 
LVL 11

Author Comment

by:bsharath
ID: 19983106
Allow logon locally i am not able to remove everyone and add my name it does not accept.

Its says
Administrator has to be a member.
0
 
LVL 8

Expert Comment

by:mailtosinghs
ID: 19983147
first add yourself apply policy and then try to remove the administrator
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 8

Expert Comment

by:mailtosinghs
ID: 19983148
or everyone
0
 
LVL 11

Author Comment

by:bsharath
ID: 19983163
Administrators must be granted the logged on locally.

I et this.

I am able to remove everything else and apply.If i remove the Administrator its not applying i get the above said message.
0
 
LVL 8

Expert Comment

by:mailtosinghs
ID: 19983200
administrators must be there, otherwise you will not be able to apply settings.

if you want certain people who are administrators and should not logon locally configure the "Deny Logon Locally" policy and add their names.

0
 
LVL 11

Author Comment

by:bsharath
ID: 19983216
So if i leave the administrator in logon locally and add administrator in deny logon locally will the administrator not login ?
0
 
LVL 8

Expert Comment

by:mailtosinghs
ID: 19983226
no it is not possible to remove builtin administrator account,
you can add remove any other account which is member of administrators group.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Log files are useful in diagnosing and repairing problems.  This is a list of common log files and their standard locations that I've compiled.   While this is not exhaustive, it is a pretty good list that I've found to be useful.  I may update it f…
Citrix XenApp, Internet Explorer 11 set to Enterprise Mode and using central hosted sites.xml file.
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question