Solved

How can I allow only admins to log into my servers

Posted on 2008-10-09
9
211 Views
Last Modified: 2010-04-21
How does one allow only administrators/admin group  to logon to the servers?  if so how?  Thanks!
0
Comment
Question by:12string
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
9 Comments
 
LVL 20

Expert Comment

by:wolfcamel
ID: 22679830
by default only admins should have the login locally right
0
 
LVL 18

Expert Comment

by:sk_raja_raja
ID: 22679835
To allow a user to only log on to some computers: Open the user-properties for the user by using ADUC, click on Account-tab and use the "Log on to"-button. Enter the computer names allowed to logon to.
0
 
LVL 18

Expert Comment

by:sk_raja_raja
ID: 22679870
on the server you are looking to do this on, define the below policy settings
Local security policy
User rights assignment
Allow logon locally

and add only the admin users you would like to login.
0
Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!

 

Author Comment

by:12string
ID: 22679882
I only want to allow one administrator account or a group name to be able to log onto the servers.
0
 

Author Comment

by:12string
ID: 22679906
what I mean is only allow users that belong to a certain group be able to log onto the servers.
0
 

Author Comment

by:12string
ID: 22680099
Hello sk_raja_raja is this the path that you mean?

Start Gpedit

Local Computer Policy - Computer Configuration - Windows Settings - Security Settings - Local Policies - Users Rights Assignment - Allow Log on locally

0
 

Author Comment

by:12string
ID: 22680124
If that is the case how does one transfer that template to my other Windows servers?  or is this another question i need to post?
0
 
LVL 18

Accepted Solution

by:
sk_raja_raja earned 500 total points
ID: 22680197
No you can better do this by domain group policy

1.Group all the servers in a OU
2.Create a new group policy and define the "allow log on locally" settings by adding the desired domain group on it.
3.Link this policy only to this OU and enforce it

So, this policy will be applied to all the servers on this OU
0
 

Author Closing Comment

by:12string
ID: 31504716
Thanks that will work!
0

Featured Post

How Do You Stack Up Against Your Peers?

With today’s modern enterprise so dependent on digital infrastructures, the impact of major incidents has increased dramatically. Grab the report now to gain insight into how your organization ranks against your peers and learn best-in-class strategies to resolve incidents.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

On a regular basis I get questions about slow RDP performance, RDP connection problems, strange errors and even BSOD, remote computers freezing or restarting after initiation of a remote session. In a lot of this cases the quick solutions made b…
Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip is around source server preparation. No migration is an easy migration, there is a…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question