directory

Preface Rights Management

  • Add account
  • Account control
  • Management account
  • Disabling drive access

Remote login

  • Before login
  • In the login
  • Multi-user Login
  • Modify termsrv. DLL

Close win10 update at last


preface

Recently to manage the laboratory server, you may not believe it, the server is Win10 Pro. For those of you who read my blog regularly, I hate Windows. But there is no way, or to manage up, after all, can use free dual Intel Xeon and dual 1080TI graphics card server is not (manual funny). This article is about Win10 permissions, teach you how to add a harmless ordinary account to. Of course, in addition to the account aspect, of course, there are remote login, the server is not a bit loud, and it is difficult to add water cooling, so remote login is very necessary. Also, I hate Windows even more after multi-user remote login. By the way, the server is Win10 Pro 1803. I have tried 1903 before, and the whole is ok. I suggest upgrading. But if there is a bug or even a brick in the upgrade process or after the upgrade, I don’t care, I just want this sub.


Rights management

How to add a harmless account is very simple, in two steps, first add an account, second, disable it, oh no, limit it, that’s it.


Add account

First open the control panel, you can enter the control panel in the search box. Win key + R to open the runtime box, enter control.exe to enter the control panel, then I must be how to do it. Above:

Then click Change Account Type – Add new user in computer Settings – add someone else to this computer and create an account:


Account control

Win press +r to open the run dialog box and enter secpol. MSC to go to the local security policy. Go to Security Settings – Local Policies – Security Options and find user account Control: Promotion prompt behavior for standard users. Double-click to set it to automatically reject promotion requests and click OK. So you can’t upgrade your permissions.

Double click user account Control: detects application installation and prompts for promotion, set it to disabled, and click OK. So you can’t install the application.


Management account

Win key + R to open the run box, enter MMC. exe to enter Microsoft Management console, CTRL + M to enter Add or Remove snap-ins, select local users and groups, click Add, select local computer. Click User, double-click CXK, and set user cannot change password.

CTRL + M to go to Add or Remove snap-ins, select group Policy Object editor under available snap-ins, click Add, Click Browse, click User, and select CXK.

Go file-Save as.


Disabling drive access

Go to User Configuration – Administrative Templates -Windows Components – File Explorer to find prevent access to drives from “My Computer” and select Enabled. Here you can select the drive you want to restrict.

Click Admin Template – Control Panel, select Disable access to Control Panel and PC Settings, and select Enabled.

Finally save to the previous saved as. MSC file. Next time you want to turn on or off permissions, just keep editing the.msc file.


Remote login

To access Linux, MY hand is an SSH, not too much of a problem. The MSTSC is the Windows remote login. Of course, if you want quality and response speed, it is Teamviewer.

Before login

  • Win + eGo to File Explorer and selectThis computer – Right click properties – Advanced System Settings – Remote, enable remote:

  • Win + rOpen the run box and enter Control.exeThe control panel, click on theSystems and Security -Windows Defender Firewall – Enable or disable Windows Defender Firewall, disable the firewall:

  • Go back to the previous level and click Advanced Settings – Inbound Rules to enable the following options:
  • Win + rOpen the runtime box and enter gpedit. MSCLocal Group policy editor, the choice ofComputer Configuration -Windows Settings – Security Settings – Local Policies – Security OptionsTo findNetwork Access: Sharing and security models for local accounts, the choice ofclassic:

  • So if I add a user, as I said before,Win + eEnter theFile explorer, the choice ofThis computer – right click properties – Remote Settings – Remote. Click on theSelect User – Add – Advanced – Find Now, add the corresponding user:


In the login

  • Then went back toThe client, the inputWin + rOpen the runtime box and enter MSTSCRemote desktopAs shown in figure:

  • IP is the IP address of the server, just use ipconfig to read it. Note that this is your server computer name ++ username.
  • How to view the server computer name,Win + eGo to File Explorer and selectThis computer – right click propertiesAnd here is theStudioX. The user name is the created user.

  • Here in select local resources, you can check the printer and clipboard function:


Multi-user Login

Win key + R to open the run box, enter gpedit. MSC to go to the local group policy editor, select Management Template -Windows Components – Remote Desktop Services – Remote Desktop Session host – Connect. Modify limiting the number of connections and limiting remote desktop service users to a single remote desktop service session:

If the Listener state is Listening [not supported], run the rdpconf. exe Listener state. Update. bat is required, and you can restart the rdpconf. exe to test it. This is the stage for modifying DLL files.


Modify termsrv. DLL

Connect to the server, go to the C:\Windows\System32 directory and search for termsrv.dll:

First back up this file, you need permission for TrustedInstaller, select Termsrv. DLL – right click properties – Security – Advanced – Changes – Advanced – Find now, find current user, add return. Return to the security page, click Edit, and set full controls. This way you can back up your files.

Then use software that can modify HEX, which I recommend for Tiny Hexer, and open termsrv.dll. My version is 1803: search 8B 99 3C 06 00 00 8B B9 38 06 00 00 00 replace with B8 00 01 00 00 89 81 38 06 00 00 90 for other versions see this article and you can log in remotely with multiple users.


Close Windows 10 update

Remember to turn off the Windows 10 update, or your efforts will be in vain.


The last

In this case, the CXK account is useless, unable to install software, unable to access drives, and only able to operate software on the desktop. You can also create multiple standard or administrator users to remotely log in to the server. Please remember to like, if you have any comments or suggestions, see you in the comments section