locked
Read Only access user account to Main Domain Controller RRS feed

  • 問題

  • they can only remote login if their account added into remote desktop user group and administrators group, and they will have full access rights, i do not know how to gain access for only read, if they logon locally without using remote desktop, i think they have only read access, but for remote desktop, i dont know how


     IP address & name of your domain controler server(s)
    - account (ID & password) with read-only access to this(these) server(s) ; with both forms : "net bios domain name "\"user name" and "user name"@"domain name" (upn)

      Dear All

    We want to give Domain User to Read Only access Main Domain Controller (via remote desktop) to
     create documentation about this server. Does some one know how to accomplish this? below is the request from our regional IT in oversea


    - IP address & name of your domain controler server(s)
    - account (ID & password) with read-only access to this(these) server(s) ; with both forms : "net bios domain name "\"user name" and "user name"@"domain name" (upn)

    i have created an normal account and added this account into "computer configuration" -> window setting -> security setting -> local policies -> user right assignment -> allow logon locally , and put the account into "remote desktop group in server", i have tried to use the created account to login via remote desktop, it doesnt allow, it said i have to add this account into terminal services and remote desktop user group, which i already did, and then i have added this account into administrators group, and it could remote with the account, but found out that the account can login to the server (via remote desktop) and has full rights to delete and create account, how do i only gain this account read only ?  do i need to set delegate control ? to allow only read for this account ?

    keith

     

    2013年10月18日 上午 09:44

解答