Knowledge Base

Implementing Per Server RAS Permissions

Article ID: 147794

Article Last Modified on 11/1/2006

Microsoft Windows NT Workstation 3.5
Microsoft Windows NT Workstation 3.51
Microsoft Windows NT Workstation 4.0 Developer Edition
Microsoft Windows NT Server 3.5
Microsoft Windows NT Server 3.51
Microsoft Windows NT Server 4.0 Standard Edition

This article was previously published under Q147794

SUMMARY

When you implement dial-in security, the Remote Access Admin utility sets dial-in permissions on a global, per domain basis. There are no settings to implement security on a server by server basis in the Remote Access Admin Utility. However, you can set the Per server security by allowing or denying the "Access this computer from network" user right in User Manager.

NOTE: A user that does not have the "Access this computer from the network" user right cannot access the computer for other purposes.

MORE INFORMATION

To implement dial-in security on a per server basis:

Determine which users are to dial in to which RAS servers
On each RAS server, assign the "Access this computer from network" user right only to the users who should have access to that specific server.
Make sure you disable the "Access this computer from network" user right for the users who should not have access to the RAS server.
Grant dial-in permissions to all dial-in users in Remote Access Admin.

Additional query words: prodnt

Keywords: kbnetwork KB147794