Ask the Expert

Windows server access management in Active Directory

I need to move our accounting server down to our server room and put it on the domain. It is currently on a "mini network" in the accounting office. Once I have it on the domain, I need to make it so that only the accounting group, domain admin and backup operator have access to this server. How can I accomplish this? We are on a Windows Server 2003 domain with Active Directory.

You can set Active Directory server access at different levels: for those coming in through network shares, for those logging on at the console and for those logging on through a Remote Desktop session.

You can set access for those coming in through the Windows network by sharing the particular folders of interest. When logged on to the server, right-click any folder and select Sharing. Give the share a convenient name, such as "Financial," and set the permissions. You'll most likely want to provide Full Control to Domain Admins and the accounting groups. The Backup Operators group probably won't need control at the share level.

You can also control who has the ability to log on to the console. When you join the server to the domain, the Administrators, Domain Administrators and Backup Operators groups are automatically assigned the permission to log on locally. If you also want members of the Accounting group to have this right, go into the Local Security Policy console from Administrative Tools in the Start menu. Then drill down into the Local Policies > User Rights Assignment node and find the entry for Allow Log On Locally. You can add the domain Accounting group from there.

And finally, if you want the Accounting group to be able to log on through a Remote Desktop session, then go into the Computer Management console, drill down into System > Local Users and Groups > Groups. Then, add Accounting to the Remote Desktop Users group.
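To confirm that only the intended groups hold the console and Remote Desktop logon rights described above, the following added example (not part of the original answer) checks a user-rights export produced with `secedit /export /cfg rights.inf /areas USER_RIGHTS` against an expected list. The group name `EXAMPLE\Accounting`, the function names and the sample export are assumptions made for illustration.

```python
# Added example: audit logon rights in a secedit user-rights export.
# Principals are written as they appear in the export: a SID with a leading
# "*" or an account name. EXAMPLE\Accounting is an assumed group name.
EXPECTED = {
    "SeInteractiveLogonRight": {        # "Allow log on locally"
        "*S-1-5-32-544",                # BUILTIN\Administrators
        "*S-1-5-32-551",                # BUILTIN\Backup Operators
        "EXAMPLE\\Accounting",
    },
    "SeRemoteInteractiveLogonRight": {  # logon through a Remote Desktop session
        "*S-1-5-32-544",                # BUILTIN\Administrators
        "*S-1-5-32-555",                # BUILTIN\Remote Desktop Users
    },
}

def parse_rights(inf_text):
    """Return {right: set(principals)} from the [Privilege Rights] section."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line:
            name, _, value = line.partition("=")
            rights[name.strip()] = {p.strip() for p in value.split(",") if p.strip()}
    return rights

def unexpected_holders(inf_text, expected=EXPECTED):
    """Return {right: sorted principals} that hold a right but are not expected to."""
    rights = parse_rights(inf_text)
    findings = {}
    for right, allowed in expected.items():
        allowed_ci = {a.lower() for a in allowed}
        extras = sorted(p for p in rights.get(right, set()) if p.lower() not in allowed_ci)
        if extras:
            findings[right] = extras
    return findings

# Constructed sample export, not taken from a real server. Real export files
# are typically UTF-16, so open them with encoding="utf-16" before parsing.
SAMPLE = """[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-551,EXAMPLE\\Accounting
SeRemoteInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-555
[Version]
signature="$CHICAGO$"
Revision=1
"""

if __name__ == "__main__":
    for right, extras in unexpected_holders(SAMPLE).items():
        print(f"{right}: unexpected {', '.join(extras)}")
```

In the constructed sample the check flags `*S-1-5-32-545` (BUILTIN\Users) on Allow Log On Locally, an entry that would let accounts outside the three intended groups log on at the console. The script does not expand group membership, so the members of Remote Desktop Users and Administrators still need to be reviewed separately.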

This was first published in November 2007
