How to prevent users from logging on locally to their computers?
From: Branislav (bkaric_at_hotmail.com)
Date: 09/30/03
- Previous message: Stephen Craver: "Re: Wireless access point in Windows 2003"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 30 Sep 2003 09:36:17 -0700
Hello,
We would like to force users to logon into domain so all the scripts and
patches could be applied.
The situation is this: there are no local accounts on workstations, users
have only a domain account. It is an NT4 domain, on workstations we have
Win2000Pro and WinXP. Now, my boss wants every user to be a local
administrator on his/her computer so we put their domain account to be a
member of the local Administrators group. This gives them possibility to
logon locally on their computers.
I have created a VB script which will check if a user is logged on locally
and then change the IP address on the computer so it can not use network
resources. That's the way my boss wants it. If someone change the IP address
to some static value and connect to the LAN after all than we are suppose to
use more drastic measures.
Now, we are planning to migrate to Win2003 servers so I was thinking that
this script can be applied using GPOs. But it will be applied to users or
computers only if they logon into the domain. I don't know how to push out
this script to every workstation so it can be run when users logon locally
on their computer.
The other solution someone mentioned to me is to configure DHCP server to
give IP addresses to authenticated users only, but I still didn't find a way
to this either.
Can you give me some advice about these things?
Thank you,
Branislav
- Previous message: Stephen Craver: "Re: Wireless access point in Windows 2003"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
