Re: How to force a user to logon to the domain ?
From: Branislav (bkaric_at_hotmail.com)
Date: 10/06/03
- In reply to: Roger Abell [MVP]: "Re: How to force a user to logon to the domain ?"
Date: Mon, 6 Oct 2003 07:52:58 -0700
Thank you for the answer.
This looks much more elegant than the other solution I had in mind. I'll get
myself more familiar with GPOs.
Thank you,
Branislav
"Roger Abell [MVP]" <mvpNoSpam@asu.edu> wrote in message
news:eLlnsEtiDHA.1688@TK2MSFTNGP12.phx.gbl...
> Once you have moved to an Active Directory environment your
> task will be easy, even if their domain account is a local Administrators
> group member. Using GPO enforced from AD, take control over the
> user right to log on locally, removing all but Domain Administrators and
> Domain Users for example. Now this would let any domain user log into
> any of the machines, so if this is not what is desired you would have to
> get more granular, which becomes problematic in the worst case where
> each machine is supposed to have just that user log into it. It can still
> be done, it just takes a lot of single purpose GPOs.
> Then they could, as local administrators, make as many accounts as
> they wished, even making them local admins, but they would not be able
> to use them to log into the machine.
>
> "Branislav" <bkaric@hotmail.com> wrote in message
> news:uzs9fZDiDHA.2120@TK2MSFTNGP10.phx.gbl...
> > Hello,
> > We would like to force users to log on to the domain so all the scripts
> > and patches could be applied.
> >
> > The situation is this: there are no local accounts on workstations, users
> > have only a domain account. It is an NT4 domain; on workstations we have
> > Win2000Pro and WinXP. Now, my boss wants every user to be a local
> > administrator on his/her computer so we put their domain account to be a
> > member of the local Administrators group. This gives them the possibility
> > to log on locally on their computers.
> >
> > I have created a VB script which will check if a user is logged on locally
> > and then change the IP address on the computer so it cannot use network
> > resources. That's the way my boss wants it. If someone changes the IP
> > address to some static value and connects to the LAN after all, then we
> > are supposed to use more drastic measures.
> >
> > Now, we are planning to migrate to Win2003 servers so I was thinking that
> > this script can be applied using GPOs. But it will be applied to users or
> > computers only if they log on to the domain. I don't know how to push out
> > this script to every workstation so it can be run when users log on
> > locally on their computer.
> >
> > The other solution someone mentioned to me is to configure the DHCP server
> > to give IP addresses to authenticated users only, but I still didn't find
> > a way to do this either.
> >
> > Can you give me some advice about these things?
> >
> > Thank you,
> > Branislav
> >
> >
>
>
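An added example, not part of the original thread: once the "log on locally" right is restricted by GPO as described above, one way to audit a workstation is to export its user rights with `secedit /export /cfg rights.inf /areas USER_RIGHTS` and check who holds `SeInteractiveLogonRight`. The sample export, the domain SID and the function names below are constructed for illustration.

```python
import configparser

RIGHT = "SeInteractiveLogonRight"   # the "log on locally" user right

# Constructed sample of a secedit USER_RIGHTS export. Real exports are
# UTF-16 encoded; decode the file before passing its text in.
# The domain SID S-1-5-21-1111111111-2222222222-3333333333 is made up.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-5-32-544,*S-1-5-32-545
SeInteractiveLogonRight = *S-1-5-21-1111111111-2222222222-3333333333-512,*S-1-5-21-1111111111-2222222222-3333333333-513,*S-1-5-32-544,localtemp
[Version]
signature="$CHICAGO$"
Revision=1
"""

# Well-known relative IDs of the two groups named in the thread.
ALLOWED_DOMAIN_RIDS = {"512": "Domain Admins", "513": "Domain Users"}


def holders(inf_text, right=RIGHT):
    """Return the principals (SIDs or account names) granted `right`."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.optionxform = str             # keep the case of right names
    cp.read_string(inf_text)
    # A right with no holders is simply absent from the export.
    raw = cp.get("Privilege Rights", right, fallback="")
    return [p.strip().lstrip("*") for p in raw.split(",") if p.strip()]


def unexpected_holders(inf_text, domain_sid, allowed_rids=ALLOWED_DOMAIN_RIDS):
    """Principals holding the right that are not an allowed domain group."""
    allowed = {f"{domain_sid}-{rid}" for rid in allowed_rids}
    return [p for p in holders(inf_text) if p not in allowed]


if __name__ == "__main__":
    dom = "S-1-5-21-1111111111-2222222222-3333333333"
    for principal in unexpected_holders(SAMPLE_INF, dom):
        print("can still log on locally:", principal)
```

In the sample, the check reports the built-in Administrators group (S-1-5-32-544) and the local account `localtemp`, the two entries the restriction described in the thread would remove.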