I need some help with security as I find on all Servers a group called domain users so this gives every Domain user read access to the whole server, we also see this on all hard drives on each server. What is the best practice for securing all Servers on our network to prevent Domain users this type of access but still giving certain groups/users access to the server/folders we choose to allow access. I need help with this and any documentation you have because we have a very large company with thousands of servers and tens of thousands users so can see my concern with Domain user having access to all Server. Thank you

Hi, You can use the Access this computer from network and Allow logon locally security polices to control who can access the servers. For more information about "User Right Assignment", please see the following website: User Rights Assignment http://technet.microsoft.com/en-us/library/cc780182(WS.10).aspx This posting is provided "AS IS" with no warranties, and confers no rights.

Hi, Not the answer I was looking for, we are trying to understand the groups the need for the group and what's required to secure each server. Thanks for trying