How to limit remote user to access workgroup windows server 2019 from all Application except Servermanager read only access on iSCSI Target list?

Question

I have a workgroup windows server 2019 Standard that has some iSCSI Target on it. I want to grant a remote permission to contractor, but I don't want to let him do anything else except only view that iSCSI Targets are connected.

I found two way to band all application except those I want to grant him for example Server Manager, CMD.exe , . . .

1- by limiting all application from gpedit.msc and allow only server manager. but in this way administrators also can't access other Apps.

2- by change registery of his user account. unfortunately he can't view iSCSI Targets in Server Manager.

I want to know which permission he required to view iSCSI Targets?

Thanks,

Answer 1

Hello Haijian Shan

Thank you for your answer, I have a question that how could I grant local user read only access to iSCSI Targets?

Have a beautiful day,

Best Regards,

Hassan Mirdamadi

Answer 2

Hello  Hassan Mirdamadi，

Thank you for your reply.

To grant a local user read-only access to iSCSI Targets on a Windows Server 2019, you can follow these steps:

1. Open the iSCSI Initiator Properties dialog box on the Windows Server 2019.
2. Click the Targets tab, and then select the iSCSI Target that you want to grant read-only access to.
3. Click the Properties button, and then click the Security tab.
4. Click the Add button, and then enter the name of the local user account that you want to grant read-only access to.
5. In the Permissions list, select the Read permission, and then click OK.
6. Click OK to close the iSCSI Target Properties dialog box.

Once you have completed these steps, the local user account will have read-only access to the selected iSCSI Target.

Best Regards,

Haijian Shan

Answer 3

Hello Hassan Mirdamadi，

Thank you for posting in Microsoft Community forum!

To limit a remote user's access to a workgroup Windows Server 2019 and only allow read-only access to the iSCSI Target list through Server Manager, you can follow these steps:

1. Create a new local user account on the Windows Server 2019 and grant it read-only access to the iSCSI Target list.
2. Add the new user account to the local Remote Desktop Users group on the Windows Server 2019.
3. Configure the Windows Firewall to block all incoming connections except for the Remote Desktop Protocol (RDP) port (TCP port 3389).
4. Configure the Remote Desktop Session Host (RD Session Host) on the Windows Server 2019 to only allow connections from members of the Remote Desktop Users group.
5. On the Windows Server 2019, open the Local Group Policy Editor (gpedit.msc) and navigate to Computer Configuration > Administrative Templates > System > Group Policy.
6. Enable the "User Group Policy loopback processing mode" setting and set it to "Replace".
7. Create a new Group Policy Object (GPO) and link it to the organizational unit (OU) that contains the Windows Server 2019.
8. In the new GPO, navigate to User Configuration > Administrative Templates > System > Ctrl+Alt+Del Options.
9. Enable the "Remove Task Manager" setting and set it to "Enabled".
10. In the new GPO, navigate to User Configuration > Administrative Templates > System > Run only specified Windows applications.
11. Enable the "Run only specified Windows applications" setting and add the following applications to the list: Server Manager, CMD.exe.

Once you have completed these steps, the remote user should only be able to access the Windows Server 2019 through RDP and will only have read-only access to the iSCSI Target list through Server Manager.

Have a nice day!

Best Regards,

Haijian Shan