RE: Deny Logon by Domain Admin account to specific PC's or deny to all BUT specific PC's
From: Laura A. Robinson (larobins_at_bellatlantic.net)
Date: 11/11/05
- Previous message: Brown, Sam: "RE: What server hardening are you doing these days?"
- In reply to: Hindle, Dallas: "Deny Logon by Domain Admin account to specific PC's or deny to all BUT specific PC's"
- Next in thread: Hindle, Dallas: "RE: Deny Logon by Domain Admin account to specific PC's or deny to all BUT specific PC's"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 10 Nov 2005 21:30:48 -0500 To: "'Hindle, Dallas'" <Dallas.Hindle@bakersdelight.com.au>, <focus-ms@securityfocus.com>
Well, you can do this with Group Policy, but it's really going to depend on
your OU structures. Assuming all of the machines/software using this account
are servers, do you have your servers in a single OU structure? If this is
the case, I can give you more information, but it's gonna be a lot of typing
if this isn't the case, so I'll wait for your reply. :-)
Laura
> -----Original Message-----
> From: Hindle, Dallas [mailto:Dallas.Hindle@bakersdelight.com.au]
> Sent: Thursday, November 10, 2005 8:16 PM
> To: focus-ms@securityfocus.com
> Subject: Deny Logon by Domain Admin account to specific PC's
> or deny to all BUT specific PC's
>
>
>
> Hi all
>
>
>
> I assumed this was easy but I must be missing something...
>
>
>
> I have a domain admin Account that is used for Services, SQL
> Processes, Scheduled Tasks and for automated logons for some
> proprietary software... This account has had the password
> leak out to a 3rd party whom has decided to share it with
> other people in the company.
>
>
>
> As I'm sure you agree I need to get his account locked down
> ASAP, I want to prevent logon to this account from any pc's
> other than the ones I authorise, and I though this was a
> simple process, I don't know what I'm missing but if anyone
> has any suggestions it would be much appreciated.
>
>
>
>
>
>
>
> Thanks
>
>
>
> Dallas
>
>
>
>
>
>
>
>
> --
> Message protected by MailGuard: e-mail anti-virus, anti-spam
> and content filtering.
> http://www.mailguard.com.au/mg
>
>
>
> --------------------------------------------------------------
> -------------
> --------------------------------------------------------------
> -------------
>
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Previous message: Brown, Sam: "RE: What server hardening are you doing these days?"
- In reply to: Hindle, Dallas: "Deny Logon by Domain Admin account to specific PC's or deny to all BUT specific PC's"
- Next in thread: Hindle, Dallas: "RE: Deny Logon by Domain Admin account to specific PC's or deny to all BUT specific PC's"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
