I have a Server 2012 R2 instance that I'm using to share files and manage files (amongst other things). Currently it is NOT on a domain.
I have user based restrictions in place for file sharing. In particular I have a RAID 5 array with some 8tb of space mounted. On this drive are 3 public read-only shares for people to pull resources down from. I have myself set up as an Admin on the server so I can edit the files in the shares remotely and have a 4th share that is for my use only.
- articuno1au (articuno1au has full read write)
- newuser (newuser needs full read write)
- Public 1(public read, articuno1au has full read write)
- Public 2(public read, articuno1au has full read write)
- Public 3(public read, articuno1au has full read write)
I'm trying to set up another share for a user who will have read write access to this share. I'm wondering (short of setting up AD) if I can provide the privileges on the box without setting the user up as a local user on the server (i.e. giving them RDP access). Is that even possible?
Seems rather a waste to go through setting up AD services for the sake of setting permissions on a file share, but I want the new user to have permissions as above..
Best Answer pencil_ethics , 14 May 2014 - 08:45
Non-administrator accounts do not have Remote Desktop access by default. If they do, it's because you changed a setting (see Advanced System Settings => Remote tab => Select Users dialog, which alters the members of the Remote Desktop Users security group). Creating the new user as a standard (i.e. limited) user account should be exactly what you need; additionally, if you don't want standard users to log on to the server locally, you should edit the Local Security Policy (secpol.msc) such that the Users security group does not have the Allow log on locally right (Security Settings => Local Policies => User Rights Assignment).Go to the full post