# Local Log on To Server and Restricting Drive



## b15101r14944a (Feb 24, 2014)

Hello, 

New guy here, 

We have a server 2008 R2 (32) which is a domain controller, we recently switched from open storage (6 raid-5 drives in the server) to closed storage (removing the drive every night. I do not want staff pulling the power on a domain controller every night to remove the drives, so I looked in the GPO "log on locally' and 'allow shut down'.

This works, however, the temptation is there to 'look around', see what we can see, etc.

Is there a way, either a security setting or a batch file that staff without admin right can log onto a server, down the server correctly, but not open windows explore.

I am thinking some way to write a script "IF logon server = \\DCSERVER then noaccess browsing" something like that, that is your are not an admin, and log onto a server, your Windows Explorer rights are limited.

Thanks.

b


----------



## b15101r14944a (Feb 24, 2014)

I think I got it

From the Windows 7 desktop:

- Windows 7 Explorer
- Go to the DVD\CD
- Right-Click Properties
- &#8220;Sharing&#8221;
- Advanced Sharing
- &#8220;Share this&#8221;
- Permissions
- Add Domain (User1, User2, Etc) or create a Domain group &#8220;AllowWin7CD&#8221; and add user to this, 
- Remove default &#8216;Everyone&#8217;

Anyone see a security or problem with this?

B.


----------



## b15101r14944a (Feb 24, 2014)

Opps, wrong thread, this is to control Win7 desktop DVD\CD

Haa, Sorry

B.


----------

