Security Basics mailing list archives

RE: Allow mail access to MS exchange 2003 but deny local logon

From: "Roger A. Grimes" <roger () banneretcs com>
Date: Mon, 12 Jun 2006 16:59:05 -0400

There are probably a few better ways to do this, but a quick and easy is
to set their User account to Logon To only the server's NetBIOS name. By
default non-admin users can't log on locally to servers, so they won't
be able to locally, and they won't be able to log on locally to other
machines. There are probably better ways, but it is a quick way.

Roger

*****************************************************************
*Roger A. Grimes, InfoWorld, Security Columnist 
*CPA, CISSP, MCSE: Security (2000/2003/MVP), CEH, yada...yada...
*email: roger_grimes () infoworld com or roger () banneretcs com
*Author of Professional Windows Desktop and Server Hardening (Wrox)
*http://www.amazon.com/gp/product/0764599909
*****************************************************************

 

-----Original Message-----
From: langzi.lz () gmail com [mailto:langzi.lz () gmail com] 
Sent: Monday, June 12, 2006 3:43 AM
To: security-basics () securityfocus com
Subject: Allow mail access to MS exchange 2003 but deny local logon

Hi all,

Is there any way to only allow user mail access to exchange 2003 (via
pop3, imap or mapi) but do not allow the user to logon to workstation
locally to windows domain?

Thanks!

Current thread:

Allow mail access to MS exchange 2003 but deny local logon langzi . lz (Jun 12)
- RE: Allow mail access to MS exchange 2003 but deny local logon Roger A. Grimes (Jun 12)
- <Possible follow-ups>
- Re: Allow mail access to MS exchange 2003 but deny local logon cairesmello (Jun 12)