Saturday, August 8, 2009

How can I tell who has access to a server via an Active Directory Domain?

I am trying to see which users have access to log into a server. When a user logs into the server, they authenticate against our Active Directory domain. How can I tell who else has access to log into the server and has full access? This server is not the domain controller.








There are different types of logins that can be done on Windows systems. You can log in locally, via Terminal Server, access the computer from the network, log on as a batch job, log on as a service, and some lesser seen and used ones. What happens when they try depends on how they are logging on.



Let's first start with a definition. Domain User = a normal user, not in the administrative group or any other server roles such as "Server Manager," "Power Users," etc.



Below are the default logon types for domain users



1) Cannot log on at the console (interactively)



2) Cannot log on via Terminal Services



3) Cannot act as part of the operating system



4) Cannot log on as a service



5) Cannot log on as a batch job



6) Can access the computer from the network



I suggest you set your Audit Policy Settings to the table defined in this document so that you are auditing your login successes and failures so that you know for 100% certain who is actually logging into your server.



HTH,



WG
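The six logon types in the answer above correspond to user rights in the server's security policy, so the actual assignment can be read from the server itself. The following is an added example, not part of the original answer; it assumes an elevated PowerShell session on the member server, and the temporary file name and the `Resolve-Principal` helper are hypothetical names chosen for illustration.

```powershell
# Added example: run in an elevated PowerShell session on the server in question.
# Each logon type from the list above, keyed by its user-rights constant.
$rights = [ordered]@{
    SeInteractiveLogonRight       = 'Log on at the console (interactively)'
    SeRemoteInteractiveLogonRight = 'Log on via Terminal Services'
    SeTcbPrivilege                = 'Act as part of the operating system'
    SeServiceLogonRight           = 'Log on as a service'
    SeBatchLogonRight             = 'Log on as a batch job'
    SeNetworkLogonRight           = 'Access the computer from the network'
}

# Export the user rights assignment to a temporary file (name chosen for this example).
$inf = Join-Path $env:TEMP 'user-rights.inf'
secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null

function Resolve-Principal([string]$entry) {
    # secedit writes SIDs as "*S-1-..." and some accounts as plain names.
    $entry = $entry.Trim()
    if (-not $entry.StartsWith('*')) { return $entry }
    $sid = $entry.TrimStart('*')
    try {
        $obj = New-Object System.Security.Principal.SecurityIdentifier($sid)
        $obj.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        $sid   # unresolvable SID (deleted account or unreachable domain)
    }
}

# Collect "SeXxx = principal,principal" lines from the export.
$policy = @{}
foreach ($line in Get-Content $inf) {
    if ($line -match '^\s*(Se\w+)\s*=\s*(.*)$') { $policy[$Matches[1]] = $Matches[2] }
}
Remove-Item $inf

foreach ($name in $rights.Keys) {
    Write-Output ("{0} [{1}]" -f $rights[$name], $name)
    if (-not $policy[$name]) { Write-Output '    (not granted to anyone)'; continue }
    foreach ($entry in $policy[$name].Split(',')) {
        Write-Output ('    ' + (Resolve-Principal $entry))
    }
}

# Accounts with full access: members of the local Administrators group.
net localgroup Administrators
```

Most entries in the output are groups rather than individual users, so each domain group listed has to be expanded in Active Directory to get the final list of people.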






Only members in the AD have access rights to log in to the server. You can create a log file to see who logs in and at what time. If you put your members in groups, then you can delegate how much access the members have. Generally, only members in the administrators group have full access.
