HOW TO: Restrict Users from Gaining Access to a Domain Controller by Using Telnet

This article explains how to restrict users from gaining access to a Windows 2000-based domain controller when they use the Telnet service.

Create a Global Security Group

To restrict users from gaining access to a Windows 2000-based domain controller when they use the Telnet service, create a global security group, and then add the users that you want to have access to the Windows 2000-based computer by using the Telnet service. To do so:

1. In Control Panel, double-click Administrative Tools, and then double-click Active Directory Users and Computers.
2. Click the Users container.
3. Click Action, click New, and then click Group.
4. In the Group Name box, type TelnetClients.
5. In the Description box, type a description of the group.
6. Confirm that Global is entered in the Group Scope box, and then confirm that Security is entered in the Group Type box.
7. Click OK, and then add the users who you want to have Telnet access to the domain controllers to the global security group that you just created.

NOTE: When there is a TelnetClients group, only users who are members of this group have Telnet access to the domain controllers in the domain, unless those users are administrators of the domain. Members of the Administrators group always have access by using Telnet even if they are not members of the TelnetClients group.

For additional information about configuring Telnet access on a Windows 2000-based member server, stand-alone server, or Windows 2000 Professional-based workstation, click the article number below to view the article in the Microsoft Knowledge Base: