banner art

Limiting user rights

One way to protect your Windows Media server is to limit the rights of users who have access to the server. For each server user, you should determine the rights required by each and then set the appropriate limits. For example, rather than grant everyone administrator rights and permissions, you can reserve those rights for a few users who need full access to the server, such as information technicians and system managers.

By default, Windows Media Services can only be accessed by users in the Administrators group. In order to limit user rights effectively while still enabling users to administer Windows Media Services, you can remove users from the Administrators group and then add them to Windows Media Services only. To add users directly to Windows Media Services, you must use Component Services to configure access permissions for the Windows Media Services Component Object Model (COM) object.

You can move the majority of your Windows Media server users to a group, such as the USERS user group, that grants them adequate permissions for performing non-administrative tasks on the server. If you grant users access to the Windows Media Services COM object directly, they can perform most functions in the Windows Media Services snap-in and Windows Media Services Administrator for the Web, such as adding publishing points and monitoring client activity. Limiting the number of users with full rights greatly reduces the potential for security lapses.

To make user administration easier, you can create a new user group by using Computer Management. In Component Services, you can then add the new user group to the access list, and then add the non-administrator users to the new group. Grouping users enables you to administer user configurations for the entire server by using Computer Management.

Related topics

© 2005 Microsoft Corporation. All rights reserved.