Microsoft KB Archive/147794

= Implementing Per Server RAS Permissions =

Article ID: 147794

Article Last Modified on 11/1/2006

-

APPLIES TO


 * Microsoft Windows NT Workstation 3.5
 * Microsoft Windows NT Workstation 3.51
 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Windows NT Server 3.5
 * Microsoft Windows NT Server 3.51
 * Microsoft Windows NT Server 4.0 Standard Edition

-



This article was previously published under Q147794



SUMMARY
When you implement dial-in security, the Remote Access Admin utility sets dial-in permissions on a global, per domain basis. There are no settings to implement security on a server by server basis in the Remote Access Admin Utility. However, you can set the Per server security by allowing or denying the "Access this computer from network" user right in User Manager.

NOTE: A user that does not have the "Access this computer from the network" user right cannot access the computer for other purposes.



MORE INFORMATION
To implement dial-in security on a per server basis:


 * 1) Determine which users are to dial in to which RAS servers
 * 2) On each RAS server, assign the "Access this computer from network" user right only to the users who should have access to that specific server.
 * 3) Make sure you disable the "Access this computer from network" user right for the users who should not have access to the RAS server.
 * 4) Grant dial-in permissions to all dial-in users in Remote Access Admin.

Additional query words: prodnt

Keywords: kbnetwork KB147794

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.