Re: Deny Logon by Domain Admin account to specific PC's or deny to all BUT specific PC's

From: Jitendra Kalyankar (jitendra.kalyankar_at_gmail.com)
Date: 11/11/05

  • Next message: Andrew Kleszczewski: "Re: Deny Logon by Domain Admin account to specific PC's or deny to all BUT specific PC's" 
    Date: Thu, 10 Nov 2005 22:40:42 -0500
To: focus-ms@securityfocus.com

    Use the Logon Workstation criteria under user account. This way the
    account can not be used to login from any other computers.

    HTH,
    Jitendra

    On 11/10/05, Hindle, Dallas <Dallas.Hindle@bakersdelight.com.au> wrote:
    >
    >
    > Hi all
    >
    >
    >
    > I assumed this was easy but I must be missing something...
    >
    >
    >
    > I have a domain admin Account that is used for Services, SQL Processes,
    > Scheduled Tasks and for automated logons for some proprietary
    > software... This account has had the password leak out to a 3rd party
    > whom has decided to share it with other people in the company.
    >
    >
    >
    > As I'm sure you agree I need to get his account locked down ASAP, I want
    > to prevent logon to this account from any pc's other than the ones I
    > authorise, and I though this was a simple process, I don't know what I'm
    > missing but if anyone has any suggestions it would be much appreciated.
    >
    >
    >
    >
    >
    >
    >
    > Thanks
    >
    >
    >
    > Dallas
    >
    >
    >
    >
    >
    >
    >
    >
    > --
    > Message protected by MailGuard: e-mail anti-virus, anti-spam and content filtering.
    > http://www.mailguard.com.au/mg
    >
    >
    >
    > ---------------------------------------------------------------------------
    > ---------------------------------------------------------------------------
    >
    > 

    --
Thanks,
Jitendra Kalyankar
---------------------------------------------------------------------------
---------------------------------------------------------------------------
  • Next message: Andrew Kleszczewski: "Re: Deny Logon by Domain Admin account to specific PC's or deny to all BUT specific PC's"

    Relevant Pages

    • [EC-SA-01.2003] Windows XP "welcome screen" exposes the names of all the members of the l
      ... logon screen with what is called "Welcome Screen". ... (including the original administrator account, ... Using the "welcome screen" actually disables / ignores the security ...
      (Bugtraq)
    • Re: ATTN : Microsoft - Security Event 529....Second Request for help....
      ... According to the events, the logon ... failure is from the local machine account. ... disconnected from the network. ... Security Event ID 529 is a failure audit for logon/logoff. ...
      (microsoft.public.windows.server.sbs)
    • Re: Is it really true that NTFS is secure?
      ... > and failure auditing starting with "Audit Account Management," and also try ... > The account Group got put back in the Administrator group again. ... > The logon to account: ...
      (microsoft.public.security)
    • Re: Please help refresh my memory on AD DC
      ... When I boot my Laptop I reach the Logon screeen for XP Laptop and here ... admin account to be able to Login so I can control it from the DC. ... A domain user can by default logon to any domain computer, except Domain controllers. ... A Server has websites already hosted on it in a Workgroup and now I ...
      (microsoft.public.windows.server.active_directory)
    • Re: Logon Server Unavailable
      ... >> More Connections Can Be Made At This Time ... >> The network folder specified is currently mapped using a different user ... >> account in its primary domain is missing or the password on that account ... >> There are currently no logon servers available to service the logon ...
      (microsoft.public.windows.server.dns)