Temporary prevent Users to connect via the Network to an NT system

by Johannes Helmig [Published on 4 Feb. 2001 / Last Updated on 4 Feb. 2001]

As an Administrator of an NT4-server, you need sometimes to make system maintenance or
install some new software or hardware components, which requires no users to be connected
to the server during this activity ( because you will have to restart the system a few times and
you do not want to take the risk of users loosing data ) .

Although you might do it sometimes as a night-shift or during the weekend (which you like to
avoid as much as possible
), even at these times users are connecting, and sometimes it can
not wait .
And typically users tend to either forget or ignore messages send around like :
"Maintenance on the Server at xx:xx : please log off and do not reconnect until yy:yy"
they keep working and accessing data on the server !


The NT4 system has some tools available to help you in such situations.
( Windows 2000 has similar tools, but defined in different locations than in NT4)

In the "Control-Panel",
use the "Server" applet
It allows you to see the list of
users connected (button "Users"),
you can select a user by clicking
on the name and then "Disconnect"
the user (click the button).










A Warning message will be displayed.
If you select "Yes", the user is
disconnected.



However : if the user is accessing after such a forced log-out any section on the server
(via Network-Neighborhood or via a mapped network drive), his system will re-establish
a network connection and make a new Login : the user is again connected !

To prevent such new logins, we need to use a more powerful tool:

Open the "User Manager" and
select from the menu :
"Policies" / "User Rights"
Select in the drop-downlist "Right" the
"Access this computer from network",
then select "Everyone" by clicking on it
and push the button "Remove".
( "Everyone" is the user-group, where each
defined NT-user is automatically a member )
Then select OK to exit this screen and
close the User manager.
Now, use again in the "Control-Panel"
the "Server" applet, select the button
"Users" and "Disconnect All" your
users from the server.


If now a user tries to make a login to the server:


he will get an error-message:


He can only accept this error message, then select on the "Enter Password" window to cancel
the login , then he can work on his local PC but without being able to connect to the network.

If a user had NOT followed the request to log out, he has still access to the
"Network Neighborhood" and "My Computer" will still show the mapped Network drivers.
However on trying to use now any resource on the server , his regular user-name and password
are not anymore sufficient for a connection :

The request for the password for
the "IPC$" resource
is the typical
message, in case a user does not
have sufficient rights to connect
to the NT-system.

Once you are finished with your job on the server and users should be allowed to connect again
to the server:

Open again the "User Manager"
and select from the menu :
"Policies" / "User Rights"
make sure to select the "Right"
"Access this computer from network",
then click on the button "Add".



Up comes "Add Users and Groups",
click on "Everyone", then on the
button "Add" to have this name
"Everyone" displayed in the section
"Add names", then "OK" to finish
the section.
Being back in "User Rights Policy",
select "OK" to exit and to make this
change to the Policies active.



The users defined in your
"User manager" (which are all
automatically a member of the
group "Everyone" )
are now able
again to connect to the NT-system.

See Also

Featured Links