Security Basics mailing list archives
RE: Allow mail access to MS exchange 2003 but deny local logon
From: "Roger A. Grimes" <roger () banneretcs com>
Date: Mon, 12 Jun 2006 16:59:05 -0400
There are probably a few better ways to do this, but a quick and easy is to set their User account to Logon To only the server's NetBIOS name. By default non-admin users can't log on locally to servers, so they won't be able to locally, and they won't be able to log on locally to other machines. There are probably better ways, but it is a quick way. Roger ***************************************************************** *Roger A. Grimes, InfoWorld, Security Columnist *CPA, CISSP, MCSE: Security (2000/2003/MVP), CEH, yada...yada... *email: roger_grimes () infoworld com or roger () banneretcs com *Author of Professional Windows Desktop and Server Hardening (Wrox) *http://www.amazon.com/gp/product/0764599909 ***************************************************************** -----Original Message----- From: langzi.lz () gmail com [mailto:langzi.lz () gmail com] Sent: Monday, June 12, 2006 3:43 AM To: security-basics () securityfocus com Subject: Allow mail access to MS exchange 2003 but deny local logon Hi all, Is there any way to only allow user mail access to exchange 2003 (via pop3, imap or mapi) but do not allow the user to logon to workstation locally to windows domain? Thanks!
Current thread:
- Allow mail access to MS exchange 2003 but deny local logon langzi . lz (Jun 12)
- RE: Allow mail access to MS exchange 2003 but deny local logon Roger A. Grimes (Jun 12)
- <Possible follow-ups>
- Re: Allow mail access to MS exchange 2003 but deny local logon cairesmello (Jun 12)