Restricting Logon Access

All servers should be configured to allow only administrators to physically log on to the console. By default, console logon is restricted in this way on domain controllers, but other servers, such as file servers and utility servers, must be specifically configured to forbid these types of logons. To restrict logon access, follow these steps:

1. Open Server Manager, select Tools, and then click the Local Security Policy option.

2. In the node pane, navigate to Security Settings, Local Policies, User Rights Assignment.

3. Double-click Allow Log On Locally.

4. Remove any users or groups that do not need access to the server, as shown in Figure 13.1. Click OK when you have finished.

Figure 13.1. Restricting logon access.
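The result of these steps can be checked from a script. The following is an added example, not part of the book's text: it reads the Allow Log On Locally assignment (stored as `SeInteractiveLogonRight`) from a `secedit` export and flags every principal other than the built-in Administrators group. The function name, the approved list, and the sample line are assumptions made for the illustration.

```powershell
# Added example: audit who holds "Allow log on locally" (SeInteractiveLogonRight).
# Assumption: only BUILTIN\Administrators (S-1-5-32-544) is approved on this server.
$ApprovedSids = @('S-1-5-32-544')

function Get-LogonLocallyFinding {   # hypothetical helper name
    param([string[]]$InfLines)
    $line = $InfLines | Where-Object { $_ -match '^\s*SeInteractiveLogonRight\s*=' } |
        Select-Object -First 1
    if (-not $line) { return }       # the right is not assigned to anyone
    $entries = ($line -split '=', 2)[1].Split(',') |
        ForEach-Object { $_.Trim() } | Where-Object { $_ }
    foreach ($entry in $entries) {
        if ($entry.StartsWith('*')) {
            # secedit writes SIDs with a leading asterisk
            $sid = $entry.TrimStart('*')
            try {
                $obj  = New-Object System.Security.Principal.SecurityIdentifier($sid)
                $name = $obj.Translate([System.Security.Principal.NTAccount]).Value
            } catch { $name = '(unresolved SID)' }
        } else {
            # accounts can also appear by name
            $name = $entry
            try {
                $obj = New-Object System.Security.Principal.NTAccount($entry)
                $sid = $obj.Translate([System.Security.Principal.SecurityIdentifier]).Value
            } catch { $sid = '(unresolved name)' }
        }
        [pscustomobject]@{
            Principal = $name
            Sid       = $sid
            Approved  = ($ApprovedSids -contains $sid)
        }
    }
}

# Constructed sample of an exported policy line, so the parser can be tried offline
$sample = @('[Privilege Rights]',
            'SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-551')
Get-LogonLocallyFinding -InfLines $sample | Format-Table -AutoSize

# Live check from an elevated prompt: export the user-rights area and list unapproved holders
$cfg = Join-Path $env:TEMP 'user-rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
Get-LogonLocallyFinding -InfLines (Get-Content $cfg) | Where-Object { -not $_.Approved }
Remove-Item $cfg
```

On a domain member, a Group Policy object that defines this right takes precedence over the local policy setting, so a change made in Local Security Policy can be overwritten at the next policy refresh.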

Note ...
