Granting some users log on locally
I happen to administer a product from Microsoft called SQL Server Reporting Services. One of the features of SSRS is that it allows users to store their credentials so that they can be used to execute the reports. The problem is that in order to store the credentials, the credential must be granted "Log on locally" permission. more details here http://social.msdn.microsoft.com/Forums/en-US/sqlreportingservices/thread/198d2dd1-0faa-4514-b6e3-7ca5ea11c48a Obviously this is a huge concern for me as an admin because now for all people who want to define a data source with stored credentials, they need to be granted "Log on locally" permission. My questions is 1. If a user is granted log on locally permission. what can they do on the server? a. can they remotely login b. can they use powershell to do remoting c. any other form of remote access? b. any ability to program against the server Also, 2. How can I minimize the effect of this permission? is it possible for me to grant this permission just so that the credential can be stored on the server but practically the user is not able to do anything with the server apart from the creation of data source? MSDNStudent Knows not much!
June 14th, 2012 4:22pm

Hi, Grant a Member the Right to Logon Locally is to grant a user account the ability to log on locally. For remote desktop, please refer the following policy setting: Allow log on through Terminal Services http://technet.microsoft.com/en-us/library/cc758613(v=WS.10).aspx All Group Policy Settings for Remote Desktop Services in Windows Server 2008 R2 http://technet.microsoft.com/en-us/library/ee791756(v=WS.10).aspx Hope this helps! Best Regards Elytis Cheng Elytis Cheng TechNet Community Support
Free Windows Admin Tool Kit Click here and download it now
June 14th, 2012 10:52pm

what about the ability to programmatically access some resources ... is that enhanced because of log on locally?MSDNStudent Knows not much!
June 15th, 2012 2:30am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics