Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

SBS 2011 Block Specific User Account

Posted on 2014-02-18
6
Medium Priority
?
332 Views
Last Modified: 2014-02-28
I have a simple request from a customer.  They're running Small Business Server 2011 and are having a problem with a domain admin getting into the server.  To detour additional conflict they have asked me to block their account from accessing the server.  How would I do this?  I figured it would probably be a GPO of some sort but can I do this on the local level to block a domain account.  They're logging in both locally and remotely.

Thanks.
0
Comment
Question by:TripapHoniC
  • 3
  • 2
6 Comments
 
LVL 84

Expert Comment

by:David Johnson, CD, MVP
ID: 39869639
you can disable the account, change the password .... easier to just disable the account in aduc
0
 

Author Comment

by:TripapHoniC
ID: 39874248
Thanks David but this is an active user.  I cannot disable his account.  I need to prevent him from logging into the server but still allow him access to everything else.
0
 
LVL 84

Expert Comment

by:David Johnson, CD, MVP
ID: 39878728
aving a problem with a domain admin getting into the server

remove the user from the domain administrator security group
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Accepted Solution

by:
TripapHoniC earned 0 total points
ID: 39881697
Again, thanks David.  Unfortunately this issue wasn't as easy as the obvious.  

I ended up pushing out a GPO with specific user groups ONLY allowed to log in locally.  Basically an explicit deny to logon locally.  It worked.

Thanks.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39890156
You do realize that this user can disable that GPO without logging onto the server itself?  Giving them the ability to bypass your fix?

Just want you to be aware of that -- because it really isn't a proper solution.

Why is the user a domain administrator in the first place?  The only need to have a person in that group is to give them access to log onto the server.  If they manage something else in the network, you can grant specific access to whatever it is they need to do without compromising the full security of your domain -- which is exactly what you are doing.

Jeff
0
 

Author Closing Comment

by:TripapHoniC
ID: 39894352
No tangible answer offered for question.
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A lot of problems and solutions are available on the net for the error message "Source server does not meet minimum requirements for migration" while performing a migration from Small Business Server 2003 to SBS 2008. This error pops up just before …
In the event you manage a Small Business Server 2003, and you are audited for PCI compliance, there are several changes you must make in order to pass the audit. I can take no credit for discovering any of these fixes or workarounds, but there is no…
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question