Re: Forcing users to log into Domain account when in workplace

Pidgorny,

Thanks for your suggestion, but I think I need to provide more
information so you can understand what the needs are here, and why I
need to implement the above:

The idea behind the usage of two separate accounts on each user's
laptop is more of a practical sense.

The local (laptop) account will be used when the user is at home. The
user has the ability to install applications he might want to use at
home. This gives him the ability to work with the machine almost
without limitations. The local user account will be part of the 'Power
Users' of the local machine.

The domain account is to be used only for work. The user won't be able
to install any programs that are not related to his working
environment. The domain user has no additional privileges to install
or change settings under the domain account - restricting considerably
how much he can do, that's not related to his work.

I need to figure a way to force the user log into his domain account
when he connects his laptop at the office, not allowing him access to
the local computer account.

As a side note, I've been also looking into 802.1x, which looks
promising, but the problem with it is that when enabled, it works for
all accounts on the laptop. As an alternative, if I could enable
802.1x only when the user is logged into his domain account (locally
cached as you mentioned), then he can enter his username / password
and gain access to the network. If he logs into the local user account
and the 802.1x is disabled for that account, he can't join the
network.

Your thoughts and comments are appreciated.


.

Relevant Pages

  • RE: change from Domain to Workgroup to Domain
    ... Unless you have a local user account setup with admin rights (or rights to ... The laptop user came over to a friend's company ...
    (microsoft.public.windowsxp.network_web)
  • Re: accessing shares I get reference account is currently locked out
    ... I'm using a brand new laptop to test this. ... account being locked out. ... > I would also look into whether you have any drive mappings to this server ... If the local user account and password was the same as the domain ...
    (microsoft.public.windows.server.active_directory)
  • Re: "Edit Users..." Menu Item Disabled in Telephony Management Sna
    ... On the member server, make sure the domain account you are using to log on ... Running "tapicfg show" revealed that I had no Active Directory TAPI ...
    (microsoft.public.win32.programmer.tapi)
  • Re: Domain could not be contacted problem
    ... > can either make the process run under a domain account, ... > To impersonate a domain account, you generally do this by enabling ... > impersonating the authenticated user in IIS. ...
    (microsoft.public.dotnet.framework.aspnet.webservices)
  • Re: Domain could not be contacted problem
    ... > can either make the process run under a domain account, ... > To impersonate a domain account, you generally do this by enabling ... > impersonating the authenticated user in IIS. ...
    (microsoft.public.dotnet.framework.aspnet.security)