Windows 2000 Restricting Local User Account

  • Thread starter Thread starter AJ
  • Start date Start date
A

AJ

Hi folks

I need to create a local account on a standalone server (non domain
member) which will have the ability to create local user accounts, but
not mess with the administrator account (thinking member of power user
group here). In addition to this I need to make sure that this user
cannot browse the network in anyway and only be granted specific
permissions to certain directories. The permissions to the directories
can be performed by locking down with NTFS permissions but I cannot
find a way to disable network browsing without messing with the server
service which is required for user account management. I need to hide
all network servers/domain from this specific user account. What is
the best way to acheive this, is it possible?

TIA

AndyJ
 
Members of the Administrators group can fully administer user accounts
only Administrators can assign user rights and access privileges for
resources. Members of the Power Users group can create accounts only in
the Power Users, Users, and Guests groups they can also maintain and
delete the accounts they create. However, a Power User can neither
change nor delete an account in these groups if the account was created
by someone else. A member of the Users group can create, maintain, and
delete accounts in local groups that he or she has created. Guests can
neither create nor delete accounts.

[end quote]

How To Create and Manage User Accounts Programmatically
http://support.microsoft.com/kb/119671

For network browsing see the information here and in the related entires
at the bottom:

http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/regentry/93569.mspx?mfr=true

Take a look at Group Policies to enforce what you want.

John

AJ wrote:

> Hi folks
>
> I need to create a local account on a standalone server (non domain
> member) which will have the ability to create local user accounts, but
> not mess with the administrator account (thinking member of power user
> group here). In addition to this I need to make sure that this user
> cannot browse the network in anyway and only be granted specific
> permissions to certain directories. The permissions to the directories
> can be performed by locking down with NTFS permissions but I cannot
> find a way to disable network browsing without messing with the server
> service which is required for user account management. I need to hide
> all network servers/domain from this specific user account. What is
> the best way to acheive this, is it possible?
>
> TIA
>
> AndyJ
Click to expand...
 

Similar threads

A
Microsoft Security Exposure Management Graph: unveiling the power
Replies
0
Views
23
andreykarpovsky
A
AWS
Skilling snack: Windows end-user readiness
Replies
1
Views
241
Tony D
Tony D
L
New on Microsoft AppSource: June 7-13, 2024
Replies
0
Views
65
Luxmi_Nagaraj
L
AWS
Widespread credential phishing campaign abuses open redirector links
Replies
1
Views
324
Tony D
Tony D
AWS
How to proactively defend against Mozi IoT botnet
Replies
1
Views
323
Tony D
Tony D
Back
Top