Archived from groups: microsoft.public.win2000.security (
More info?)
You might try server operators group. You might even be able to use a
regular user account if that user has the proper ntfs permissions to the
logs and files it needs to clean up though a regular user can not clear the
security log if you have that in mind unless that account has the user right
to mange audit and security logs. User rights that you may want to assign to
the user to accomplish the job could be right to manage audit and security
logs, logon as batch job, and backup files and directories. Enabling
auditing of privilege use for failure could help determine if the account
needs any additional user rights to do it's job that it can not currently
do.
You can also configure the user rights for logon locally, deny logon
locally, access this computer from the network, and deny access to this
computer from the network to restrict what user accounts can access. Keep in
mind that the lack of a user right is an implicit deny and that deny user
rights override allow user rights. Refer to the Windows 2000 Security Guide
for more specifics on user rights and built in groups as shown in the links
below. The whole guide can be downloaded for free.--- Steve
http://www.microsoft.com/technet/security/prodtech/windows2000/win2khg/appxb.mspx
http://www.microsoft.com/technet/security/prodtech/windows2000/win2khg/05sconfg.mspx
"hernia" <hernia@discussions.microsoft.com> wrote in message
news:E0642A86-2A97-41FE-B3A9-5A295E9987CA@microsoft.com...
>I would like to create one account used to schedule administrative jobs on
> servers.
> Tipical jobs will be backup, log and temp files clean up. No network
> access
> will be necessary.
> In which group should I put this user? Which user rights can I remove?
> How can I prevent any access to the server's console using this account?
>
> Thanks in advance.
>
Facebook
Twitter
Instagram