I have a serious problem with my domain at work. I work in a school, we used to have one windows 2003 server as a DC.

Meanwhile I installed another server with 2008 r2 platform and set it as additional DC. Then I reinstalled the first one so, now both of them have 2008 r2 operating system.

Active directory with users and policies was created few years ago and worked fine. There were basically 3 types of users:

 

- student (user with minimal rights)

- teacher, and other staff (SuperUser)

- administrator (domain admin)

Until few days everything worked fine, as only administrator was able to use Remote Desktop or access for example server's c$ or d$ drive.

Now somehow it's all messed up, and I don't recall doing any changes in AD or GP.

 

So symptoms are these:

- Students, teachers and all other users are able to connect via remote desktop to any machine including server.

- All of them are able to access \\server\c$ or similar folders by DEFAULT (this did not change on other workstations, only servers)

 

So my questions are these:

Does anyone know this kind of behaviour from experience to give me fast solution?

If not, where exactly in active directory group policy I can reset those options:

- forbid using of remote desktop for all user except Administrator

- forbid browsing of any folders by any users unless it's specifically shared to that user

 

Another thing:

From a XP computers lately I've been getting message that I can't run Remote Administrator, no matter if I'm logged as administrator or other user

Does it have something to do with the fact I've raised functionality level of domain to 2008 r2? Message displayed is:

"Remote computer requires network level authentication, which your computer does not support."

 

Thanks in advance

I realized somehow Domain Users was member of Administrators ... strange

I deleted it and now it seems fine

Thanks