Implementing Per Server RAS Permissions (147794)


The information in this article applies to:

  • Microsoft Windows NT Workstation 3.5
  • Microsoft Windows NT Workstation 3.51
  • Microsoft Windows NT Workstation 4.0
  • Microsoft Windows NT Server 3.5
  • Microsoft Windows NT Server 3.51
  • Microsoft Windows NT Server 4.0
This article was previously published under Q147794

SUMMARY

When you implement dial-in security, the Remote Access Admin utility sets dial-in permissions on a global, per domain basis. There are no settings to implement security on a server by server basis in the Remote Access Admin Utility. However, you can set the Per server security by allowing or denying the "Access this computer from network" user right in User Manager.

NOTE: A user that does not have the "Access this computer from the network" user right cannot access the computer for other purposes.

MORE INFORMATION

To implement dial-in security on a per server basis:
  1. Determine which users are to dial in to which RAS servers
  2. On each RAS server, assign the "Access this computer from network" user right only to the users who should have access to that specific server.
  3. Make sure you disable the "Access this computer from network" user right for the users who should not have access to the RAS server.
  4. Grant dial-in permissions to all dial-in users in Remote Access Admin.
Modification Type:MajorLast Reviewed:5/7/2003
Keywords:kbnetwork KB147794
©2002 Microsoft Corporation. All rights reserved.