|
Posted by Steven L Umbach on June 28, 2005, 6:51 pm
If you were Registered and logged in, you could reply and use other advanced thread options
You might be able to come close. What you could try is to create a local
group with the users you want to do this. That group could be in the local
users and guests group on the Exchange Server. Give that group deny logon
locally and shut down the system user rights. For a Windows 2003 server add
them to the user right for deny logon through Terminal Services and shut
down the system remotely. Make sure that group has no access to any shares
on the server if any exist other than the default administrative shares
which they could not access. If you want and the Exchange Server is a domain
computer you can use Group Policy linked to the container that the Exchange
Server is in and configure Event Log settings so that guests can not access
the logs in Event Viewer. If all that has been done the users still may be
able to use Computer Management to access the Exchange Server to look at
some info on the server but not configure anything as long as they are not
local administrators/power users. Since they can not logon locally to it
they will not have a user profile which means that they could not write any
files to it or change any ntfs permissions. However they should be able to
restart the Exchange Server remotely via command line using the shutdown -r
command specifying the remote server. If they do not have physical access to
the server problems could arise if they use shutdown command incorrectly to
shut down the Exchange Server and can not access it to power it back
. --- Steve
> Hi there,
>
> I'm wondering if there is a way I can create a security group on my
> exchange
> server and add a list of people with the capability to just power down or
> restart the machine. My exchange server runs some third party software
> that
> occasionaly goes and rather than having to get up at 3:00AM and VPN in to
> reboot it, I'd rather just be able to hand the functionality to our night
> staff. However, I only want them to be able to do just that.
>
> I've never heard of anyone doing this before and not sure if I can. Any
> input? I don't want to have to create some elaborate GPO but it sounds
> like
> that might be the route?
>
> Any input is greatly appreciated.
>
> Thank you
> Joshua
| 
XML site map