Access this computer from the network
|ID: oval:org.secpod.oval:def:36486||Date: (C)2016-08-05 (M)2018-07-10|
|Class: COMPLIANCE||Family: windows|
This user right determines which users and groups are allowed to connect to the computer over the network. Remote Desktop Services are not affected by this user right.
Note: Remote Desktop Services was called Terminal Services in previous versions of Windows Server.
Default on workstations and servers:
Default on domain controllers:
Enterprise Domain Controllers
Pre-Windows 2000 Compatible Access
Restrict the Access this computer from the network user right to only those users who require access to the server. For example, if you configure this policy setting to the Administrators and Users groups, users who log on to the domain will be able to access resources shared from servers in the domain if members of the Domain Users group are included in the local Users group.
If you remove the Access this computer from the network user right on domain controllers for all users, no one will be able to log on to the domain or use network resources. If you remove this user right on member servers, users will not be able to connect to those servers through the network. Successful negotiation of IPsec connections requires that the initiating machine has this right, therefor Microsoft recommends that it is assigned to the Users group.If you have installed optional components such as ASP.NET or Internet Information Services (IIS), you may need to assign this user right to additional accounts that are required by those components. It is important to verify that authorized users are assigned this user right for the computers they need to access the network.
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Access this computer from the network
(2) REG: ###
(3) WMI: root\rsop\computer#RSOP_UserPrivilegeRight#AccountList#UserRight='SeNetworkLogonRight' and precedence=1
|Microsoft Windows 10|