1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

domain users account can log onto windows!

Discussion in 'Plesk for Windows - 8.x and Older' started by sagelike, Apr 22, 2007.

  1. sagelike

    sagelike Guest

    0
     
    I discovered that the domain user that Plesk creates for a domain (xyz.com = "xyz" user) can actually log onto Windows, assuming someone made it that far.

    We use other remote control programs to access the server (not RDP) and each access point represents one more barrier to entry. Assuming someone could access remote control, being able to access the server via a user account provides dozens of opportunities to try various user names and passwords and since users don't always create strong passwords, this represents a serious security risk.

    Users have limited privileges but they users shouldn't be allowed to logon onto the server directly and I'd like to know how disable Windows server logon without affect access to their server account.

    Anyone have any experience with this or advice?

    I really want to lock this down.

    Thanks
    G
     
  2. custer

    custer Administrator Staff Member

    33
     
    Joined:
    Apr 24, 2007
    Messages:
    593
    Likes Received:
    101
    Go to Domains -> domain name -> Setup and make sure that "Login prohibited" is set in the "Access to system" menu.
     
  3. sagelike

    sagelike Guest

    0
     
    Hi there

    thanks for the answer. I checked and it is turned off however I can still log into windows via remote.

    It's highly unlikely anyone would get that far however I like to have that extra bit of assurance that even if they did, they wouldn't be able to do anything, if for instance they somehow managed to grab a user password.
     
Loading...