Microsoft KB Archive/231470

= SFU Telnet Security Overview =

Article ID: 231470

Article Last Modified on 11/1/2006

-

APPLIES TO


 * Microsoft Windows NT 4.0 Service Pack 3
 * Microsoft Windows NT 4.0 Service Pack 4
 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Windows NT Services for UNIX Add-On Pack
 * Microsoft Windows Services for UNIX 2.0 Standard Edition

-



This article was previously published under Q231470



SUMMARY


MORE INFORMATION
Only users who have the Log on Locally permission can gain access to the Telnet server from the local computer's console. The Telnet server included with the Services for UNIX Add-On Pack enables users to log on to the server over the network. Users who have the permission to log on locally can make changes to the computer over the network as though they were actually working on it locally. The following groups have the Log on Locally permission enabled by default on computers running Windows NT:
 * Administrators
 * Everyone
 * Guests
 * Power Users
 * Users

NOTE: We recommend that you deny this permission to the Everyone and Guests groups.

A Windows NT Server configured as a domain controller is configured by default to give the following groups the Log on Locally permission:
 * Account Operators
 * Administrators
 * Backup Operators
 * Print Operators
 * Server Operators

The Access this computer from the network permission enables a user to connect to the computer over the network. The following groups have this permission enabled by default on a computer running Windows NT:
 * Administrators
 * Everyone
 * Power Users

The following groups have the Access this computer from the network permission enabled by default on a Windows NT Server configured as a domain controller:
 * Administrators
 * Everyone

Although you usually start a Telnet session using a network connection, the shell is running locally on the computer. The users or groups that connect need to have the Log on Locally permission enabled to gain access to the Windows NT SFU Telnet server. You can create a Telnet User group that has the Log on Locally permission enabled, and then add each user you want to gain access the Telnet server.

For additional information about permissions, click the article number below to view the article in the Microsoft Knowledge Base:

231953 How to Restrict Permissions for Telnet Users w/Services for UNIX

For more information about Windows NT Security, please obtain a whitepaper about securing Windows NT installations at the following Microsoft Web site:

http://www.microsoft.com/ntserver/security/exec/overview/Secure_NTInstall.asp

Additional query words: SFU telnetd solar coaster

Keywords: kbinfo kbnetwork KB231470

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.