Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 162
  • Last Modified:

Server 2003 Local Logons

Hi guys, I currently have a domain server. I recently discovered that a Domain User can login to the console. I created a Test.User account in Active Directory and ONLY gave that user Domain User group. I then went to the server and was able to login. I am currently blocking GPO to this server, I went in and checked the Local Security Policies and the only thing I see that stands out is this account NT AUTHORITY/Authenticated Users (S-1-5-11)

How can I keep domain users from logging in
0
dmanisit
Asked:
dmanisit
  • 3
  • 2
1 Solution
 
bigbigpigCommented:
Local security policy > user rights assignment > Deny log on locally
0
 
dmanisitAuthor Commented:
I cant dent Domain Users there, as EVERYONE in the organization MUST be a member of Domain Users. That policy supersedes the Allow, therefore noone including domain admins could log in
0
 
bigbigpigCommented:
What users or groups are in "Allow log on locally"?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
dmanisitAuthor Commented:
Local Administrators, And a Domain Group I created to allow LOCAL logon, I have added 3 people to it. However, like I said, ALL users have Domain users group, so If I deny that, it supersedes the Allow policy
0
 
bigbigpigCommented:
You mentioned in your question that Authenticated Users is in there... where do you see that?

What groups is the Test.User user account in?  Run 'net user Test.User' to list them.
0
 
McKnifeCommented:
If it's true that only local admins and the one domain group you created are allowed to logon locally by policy, then the only possible explanation is that you have nested the group domain users into your group of local admins or domain admins. Please check that. Also double check the group that you created.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now