* - Add an account to the console
-
WMIC RDPermissions where TerminalName="Console"
call AddAccount "domain\user",2
... where 0=guest,1=user,2=full
access
* -
Deny an account access to the console -
WMIC rdaccount where
"terminalname='console' and
accountname='<domain\\group>'" call
modifypermissions 0,2
Use
WMIC /node:<fqdn> ... to remote the action.
--
Dean Wells
MSEtechnology
* Email: dwells@msetechnology.com
http://msetechnology.com
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Abagnale
Sent: Friday, June 10, 2005 4:57 AM
To: [email protected]
Subject: [ActiveDir] mstsc /console switch for non admins
Hi,
Our IT Operations team will require access to our remote Windows 2003 DC's
which act as File & Print Servers.
At the moment, they are members of the Built-in domain Server Operators
group which they use Remote Desktop to connect through to the DC's for
data/print services support/administration which gives them the remote access
they require.
I would like them to use the mstsc /console switch however, it seems only
members of the domain administrators group can use this switch as they are
unable to logon.
The IT Ops user can logon to the server via the physical kvm console using
the same account and have access. Only through mstsc /console are they denied
access.
The Server Operators group have the following rights:
Allow logon through Terminal Services
Log on Locally
Log on Locally
Does anyone know of a way around this so I can allow Non-Admins use the
/console switch?
Any ideas or alternative workarounds appreciated and I already understand
that Non-admins are not supposed to logon to DC's but due to politics we have to
allow this...for the time being.
Thanks
- Frank
Discover Yahoo!
Have fun online with music videos, cool games, IM & more. Check it out!
