Maintaining a fully fledged IT support services can extremely be a daunting task for many small business owners Poor IT management can affect any size of business especially when your business operations hinge on network availability. Without the availability of proper technical support resources, small businesses have a high risk of failure.
In a default Small Business Server 2003 installation, groups and user assignments are setup in “defaults” mode, which can cause catastrophic issues if handled incorrectly. The best method to deal with this is to change all of the default groups and assignments and start with your own customized groups and security.
By default, Small Business Server 2003 is setup with a few groups for security based on a small business environment. The administrator, by default, is made a member of the domain power users security group. The domain power users security group is nested inside another group called SBS Remote Operators. SBS Remote Operators are defined by local and domain group policy to deny logon locally. Try to log in to the console, and you will be informed that your administrator has denied your access to log in interactively to the server.
The solution is to remove the administrator from the SBS remote operators group as well as domain power users groups. The administrator only needs to be in the domain administrators and enterprise administrators for your domain. Second, browse to group policy locally and on domain policy and make sure that deny logon locally is disabled.
Accidentally assigning the administrator to either the domain power users or any remote desktop groups ( SBS Remote Operators and Terminal Server Users) will cause major problems. If the administrator cannot log on locally, then services will not start and reinstallation will be imminent.
By default, the administrator has remote desktop authority, so no further setup is needed.
Source
In a default Small Business Server 2003 installation, groups and user assignments are setup in “defaults” mode, which can cause catastrophic issues if handled incorrectly. The best method to deal with this is to change all of the default groups and assignments and start with your own customized groups and security.
By default, Small Business Server 2003 is setup with a few groups for security based on a small business environment. The administrator, by default, is made a member of the domain power users security group. The domain power users security group is nested inside another group called SBS Remote Operators. SBS Remote Operators are defined by local and domain group policy to deny logon locally. Try to log in to the console, and you will be informed that your administrator has denied your access to log in interactively to the server.
The solution is to remove the administrator from the SBS remote operators group as well as domain power users groups. The administrator only needs to be in the domain administrators and enterprise administrators for your domain. Second, browse to group policy locally and on domain policy and make sure that deny logon locally is disabled.
Accidentally assigning the administrator to either the domain power users or any remote desktop groups ( SBS Remote Operators and Terminal Server Users) will cause major problems. If the administrator cannot log on locally, then services will not start and reinstallation will be imminent.
By default, the administrator has remote desktop authority, so no further setup is needed.
Source
No comments:
Post a Comment