New guy here,
We have a server 2008 R2 (32) which is a domain controller, we recently switched from open storage (6 raid-5 drives in the server) to closed storage (removing the drive) every night. I do not want staff pulling the power on a domain controller every night to remove the drives, so I looked in the GPO "log on locally' and 'allow shut down'.
This works, however, the temptation is there to 'look around', see what we can see, etc.
Is there a way, either a security setting or a batch file that staff without admin right can log onto a server, down the server correctly, but not open windows explore.
I am thinking some way to write a script "IF logon server = \\DCSERVER then noaccess browsing" something like that, that is your are not an admin, and log onto a server, your Windows Explorer rights are limited. I have created a group, so, the group name can be used
Thanks.
b
We have a server 2008 R2 (32) which is a domain controller, we recently switched from open storage (6 raid-5 drives in the server) to closed storage (removing the drive) every night. I do not want staff pulling the power on a domain controller every night to remove the drives, so I looked in the GPO "log on locally' and 'allow shut down'.
This works, however, the temptation is there to 'look around', see what we can see, etc.
Is there a way, either a security setting or a batch file that staff without admin right can log onto a server, down the server correctly, but not open windows explore.
I am thinking some way to write a script "IF logon server = \\DCSERVER then noaccess browsing" something like that, that is your are not an admin, and log onto a server, your Windows Explorer rights are limited. I have created a group, so, the group name can be used
Thanks.
b
Facebook
Twitter