Access this computer from the network!

[stompin]

Ok I need to understand how to use the GP permission - "Access this computer from the network". I have created an OU and placed all my client machines in there. I have then created a GP and gone to "Access this computer from the network" and placed admins in there only. Applied this GP to all domain computers and I hoped that only admins could gain access to any workstation - didn't work..WHY??

I know I have missed something silly but I need this silly thing pointing out!!

Advice appreciated.

 

[Seaspray0]

Can you be more specific on the location of "Access this computer from the network" and there are hundreds of policy options and I can't remember all their locations off the top of my head... as well as some being in more than one location. Something like "computer configuration\administrative templates\system...." would be helpful.

Why didn't it work?

"Applied this GP to all domain computers and I hoped that only admins could gain access to any workstation"

If this is a computer configuration, you should apply it to the computer objects in active directory you wish it to apply to. If you want it to have administrators have access to the client PC's, then apply the policy to the container or OU that holds the client PC's (i.e. computers container, not domain controllers container).

Domain Admins have administrative rights to all computers on the domain. If you wish access to the C drive on computer "bob" they go to a browser and type \\bob\c$ (note the $ sign). The only thing that stops that is a firewall on the client.


Start, Help. You'll be surprised what's there. A+/MCP/MCSE/MCDBA

 

[stompin]

It is on the computer config - and your last point on hidden share ($) - thats exactly what I need to stop any user doing but without disabling the "server" service.