In some instances, a server is not a domain controller, it could be a Windows Client computer stuck in a corner of an office, or it could be a Windows Home Server, or some other type of windows machine. The key thing here is that this computer is a sanctuary for data and usually accessed over the network, not by users logging into it.
By default, if you have a domain controller, such as Windows Small Business Server 2008, then disabling end-users from logging into such servers is done by default for you. If you aren’t running a domain controller, you may want to ensure logon to the server is limited to just the administrators.
To do this, you just have to change the local policy on this server. Here’s how:
- Log in as an administrator to the client computer, verify that you are an administrator (this step is important, because if you make a mistake here, you could lock yourself out of the server!)
- Load up the local policy by going to Start, Run, and typing GPEDIT.MSC
- Once the Local Group Policy Editor loads, navigate down to to Computer Configuration / Windows Settings / Security Settings / Local Policies / User Rights Assignment.
- Select the Allow log on locally policy and remove the “Users” group from this policy and hit Apply
That’s it! you’re all finished. Since this is local policy, there is no need to run a “gpupdate /force” to make it take effect. Simply try to log in as a standard user account to the server again, and you’ll notice that access is denied, making your network more secure, even if you don’t have SBS!