Domain user account can log onto Windows!

sagelike

Guest
I discovered that the domain user that Plesk creates for a domain (xyz.com = "xyz" user) can actually log onto Windows, assuming someone made it that far.

We use other remote control programs to access the server (not RDP), and each access point represents one more barrier to entry. Assuming someone could access remote control, being able to access the server via a user account provides dozens of opportunities to try various user names and passwords, and since users don't always create strong passwords, this represents a serious security risk.

Users have limited privileges, but they shouldn't be allowed to log on to the server directly, and I'd like to know how to disable Windows server logon without affecting access to their server account.

Anyone have any experience with this or advice?

I really want to lock this down.

Thanks
 
Go to Domains -> domain name -> Setup and make sure that "Login prohibited" is set in the "Access to system" menu.
 
Hi there

Thanks for the answer. I checked and it is turned off; however, I can still log into Windows via remote.

It's highly unlikely anyone would get that far; however, I like to have that extra bit of assurance that even if they did, they wouldn't be able to do anything, if for instance they somehow managed to grab a user password.
 