Jump to content

Restricting Local User Account

Guest AJ

By Guest AJ
in Windows 2000 Workstation

 Share

Recommended Posts

Guest AJ

Guest AJ

Posted
Posted

Hi folks

 

I need to create a local account on a standalone server (non domain

member) which will have the ability to create local user accounts, but

not mess with the administrator account (thinking member of power user

group here). In addition to this I need to make sure that this user

cannot browse the network in anyway and only be granted specific

permissions to certain directories. The permissions to the directories

can be performed by locking down with NTFS permissions but I cannot

find a way to disable network browsing without messing with the server

service which is required for user account management. I need to hide

all network servers/domain from this specific user account. What is

the best way to acheive this, is it possible?

 

TIA

 

AndyJ

  • Replies 1
  • Created
  • Last Reply

Popular Days

Popular Days

Guest John John (MVP)

Guest John John (MVP)

Posted
Posted

Re: Restricting Local User Account

 

 

Members of the Administrators group can fully administer user accounts;

only Administrators can assign user rights and access privileges for

resources. Members of the Power Users group can create accounts only in

the Power Users, Users, and Guests groups; they can also maintain and

delete the accounts they create. However, a Power User can neither

change nor delete an account in these groups if the account was created

by someone else. A member of the Users group can create, maintain, and

delete accounts in local groups that he or she has created. Guests can

neither create nor delete accounts.

 

[end quote]

 

How To Create and Manage User Accounts Programmatically

http://support.microsoft.com/kb/119671

 

For network browsing see the information here and in the related entires

at the bottom:

 

http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/regentry/93569.mspx?mfr=true

 

Take a look at Group Policies to enforce what you want.

 

John

 

AJ wrote:

> Hi folks

>

> I need to create a local account on a standalone server (non domain

> member) which will have the ability to create local user accounts, but

> not mess with the administrator account (thinking member of power user

> group here). In addition to this I need to make sure that this user

> cannot browse the network in anyway and only be granted specific

> permissions to certain directories. The permissions to the directories

> can be performed by locking down with NTFS permissions but I cannot

> find a way to disable network browsing without messing with the server

> service which is required for user account management. I need to hide

> all network servers/domain from this specific user account. What is

> the best way to acheive this, is it possible?

>

> TIA

>

> AndyJ

 Share
Go to topic listing
×
×
  • Create New...