Jorge's right. Please contact me off-list before posting something like
that. There's off topic and there's off topic, if you know what I mean.
Tony [List owner]
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jorge de Almeida
Pinto
Sent: Saturday, 11
Hello experts,
Im setting a kiosk machine, my question is how do I allow
a specific user to login
to my domain from only one machine disallow other users
from logging from the same machine.
Regards,
DISCLAIMER:
This electronic message transmission contains information from
To allow the user to only logon on to that machine go into their
Account Tab and use the Log On To feature and only allow access to
that particular machine.
You could deny everyone else the right to log on locally using a policy.
This is the setting in the GPO
Computer Configuration\Windows
Can you please be more specific? You are
seeking to allow only one specific user to log on INTERACTIVELY on your kiosk
machine??
I think one way would be to give only that
user account (and local Admin, of course) the Allow Logon Locally
user right. This would restrict Interactive logon
I meant to have this in my last post...
You could put the User Right Deny Logon Locally on all machines OTHER
than your kiosk machine to accomplish the other part of your scenario
(logging onto ONLY one machine). The method mentioned below by Mike
would suffice also for that purpose.
Sorry for
Thanks Mike Robert.
Now, I have a bonus question which is how do I allow automatic login so
that I don't tag the password on the kiosk console.
Regards
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Robert Williams
(RRE)
Sent: Sunday, June 12, 2005
Joe, that exactly what i am
experiencing since i installed windows 2003 sp1 (did I mention my OS version and
Sp ? oupss... sorry :)). I was exciting about new security enhancements of sp1.
BUT I've lost functionnality i've configured such as starts remotly services but
a nonadmin user...
This should help you
http://support.microsoft.com/kb/315231
How to turn on automatic logon in Windows XP
You are definitely taking a risk with this box on your domain in the
open like this.
Since this box will be in the open with no logon requirements you will
want to really tighten security
I have updated SvcUtil to work within these new confines.
If you know the service name, you can control it and view its status remotely
with SvcUtil now.
Also I determined that the version of SC that comes with
SP1 will also do this. I am not sure if you can copy that file to non-SP1
I will check your blog and
SvcUtil right now :)
Thanks for all your feedback and your
work.
Cheers,Yann
De: [EMAIL PROTECTED] de la
part de joeDate: dim. 12/06/2005 18:19À:
ActiveDir@mail.activedir.orgObjet : RE: [ActiveDir] User privilege on
Server.
I have updated SvcUtil to work
Thanks alot Mike, you have been very helpful
Sorry for not making myself clear. Can this be achieved in win2k domain
environment.
I have already searched the web but i could not find a useful information
Any help in this regard is really highly appreciated.
Regards,
-Original
SC.EXE can reset the perms on the SCM
See http://blogs.msdn.com/spatdsg/archive/2005/05/20/420624.aspx
C:\sc sdshow scmanager
This is SP1 info
D:(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA
;;;BA)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)
This is the RTM info:
Excellent Steve, thanks!
I saw the new sdshow and sdset but didn't see any hints at how to get at the
Service Control Manager ACL.
I am sure there will be some griping over having to use SDDL format but at
least there is a mechanism to handle this and not all of us hate SDDL.
The key
Hopefully this will change now that it
seems there is a company a day releasing that customer information has been
compromised. Here in Ohio,
the state actually decided to sue DSW for such a thing (which is the first
legal action in the states, I think). I know how politics works, so who
Hopefully this will change now that it seems there is a company a day releasing that customer information has been compromised.
Ha. Everyone thinks that OTHER companies make mistakes, but not them.
Plus, most Senior Managers aren't going to see it as a problem unless the other members of their
Douglas,
Thanks
for the kind words. I basically feel that my ethics are worth more than
any job. Simply, you play fair no one gets hurt. However,
its what they dont tell the people who have to ANSWER for these
poorly thought out decisions that are actually in harms way. In my case,
it
other members of their particular market
segment get hit, or their customers start worrying
In my case, the other folks that were
being lied to (outside of the Cxxs signing false documents and the Auditors
collecting bad information) ARE the customers. They are being told that
To answer your follow up yes you can also enable auto login on a W2K box
http://support.microsoft.com/kb/315231
How To Enable Automatic Logon in Windows 2000 Professional
The polices and methods that Robert and I listed in the first few
messages wilil work on a Windows 2000 or 2003 domain.
18 matches
Mail list logo
