Server 2008 and local logon

[b.15101r.14944a]

New guy here,

We have a server 2008 R2 (32) which is a domain controller, we recently switched from open storage (6 raid-5 drives in the server) to closed storage (removing the drive) every night. I do not want staff pulling the power on a domain controller every night to remove the drives, so I looked in the GPO "log on locally' and 'allow shut down'.

This works, however, the temptation is there to 'look around', see what we can see, etc.

Is there a way, either a security setting or a batch file that staff without admin right can log onto a server, down the server correctly, but not open windows explore.

I am thinking some way to write a script "IF logon server = \\DCSERVER then noaccess browsing" something like that, that is your are not an admin, and log onto a server, your Windows Explorer rights are limited.

Thanks.

b

 

[b.15101r.14944a]

Ok, after thinking about this, not using a script but a local policy to "hide the C: drive"

Is there a way assign a server local group to have the C: drive hidden from them?

b.

 

[St1ckM4n]

I think you're looking at the wrong end of the problem. In what way is removing a non-hot-plug drive from the server every night a good idea?

 

[b.15101r.14944a]

I think you're looking at the wrong end of the problem. In what way is removing a non-hot-plug drive from the server every night a good idea?

When your customer ask you to and the tech staff stops questioning the question and follows orders. I thought this site had professional tech's? All I am hearing is challenging debates about what is asked of them

 

[St1ckM4n]

I'm pretty sure you can allow shutdown commands to standard users. Then just set everything on the computer to only be read by administrators.

Anyway, it all seems pretty silly if you have no idea how to do this stuff, and you're following the directions of a customer who seriously has no idea. Do everything at your own risk, cos it sounds like a cluster waiting to happen.