Re: Restrict Logon Location

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 11/23/04

• Next message: Steven L Umbach: "Re: port blocking on Windows 2000/2003 servers"
• Previous message: Steven L Umbach: "Re: Recovery from a crash"
• In reply to: AjjuAjju: "Re: Restrict Logon Location"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 23 Nov 2004 13:26:26 -0600

Yes, they can logon to all domain computers but domain controllers. ---
Steve

"AjjuAjju" <ajjuajju@gmail.com> wrote in message
news:a5def859.0411230805.78210b76@posting.google.com...
> Are domain users allowed to login to Domain Servers by default?
>
> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> news:<uvbryhNzEHA.132@TK2MSFTNGP10.phx.gbl>...
>> In Windows you can restrict the user logon to specific domain computers
>> in
>> their AD user account properties by computer name. Also the user rights
>> for
>> logon locally and deny logon locally can be used to restrict users for
>> console logon. That can be done in a number of ways either via local,
>> domain, or Organizational Unit level. User rights are located in security
>> policy under security settings/local policies/user rights. Note that deny
>> will always override a users allow for a user right and that
>> administrators
>> are also members of the everyone and user groups. Local policy can also
>> be
>> overridden by domain/OU policy. Group/security policy is applied in this
>> order in Windows 2000/2003 with the last applied defined policy being
>> applied -- local>site>domain>Organizational Unit. -- Steve
>>
>>
>> "Karine Rivet" <krivet(nospam)@viad.com> wrote in message
>> news:eIM3N4MzEHA.1260@TK2MSFTNGP12.phx.gbl...
>> > In Netware we have the ability to restrict where a Netware account can
>> > logon based on MAC address, i.e. we can restrict the account to only
>> > being able to logon from one specific MAC address. Is this doable in
>> > AD
>> > and if so how?
>> >
>> >

• Next message: Steven L Umbach: "Re: port blocking on Windows 2000/2003 servers"
• Previous message: Steven L Umbach: "Re: Recovery from a crash"
• In reply to: AjjuAjju: "Re: Restrict Logon Location"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: logon/power-users group question ... users to the power users group (via My computer>Properties>Computer ... and then logon to the computer with that account to bypass domain ... > You can limit logon to domain computers in a couple of ways. ... (microsoft.public.windows.server.security) Re: Authenicated Users Query ... If the account that the user is logged onto on the non domain computer has ... If you have auditing of logon events enabled ... use ipsec AH/ESP for communications with domain computers but otherwise it ... (microsoft.public.windows.server.security) Re: How do I reset access rights to use/view ADUC? ... that contain certain elevated accounts or something similar. ... have been authenticated at logon you need to be able to gain access to AD, ... (microsoft.public.windows.server.active_directory) Re: Restrict Logon Location ... they can logon to all domain computers but domain controllers. ... User rights are located in security ... Local policy can also ... (microsoft.public.windows.server.active_directory) Re: Active AD users? ... users/table you can add attributes for last logon time and logon server. ... local accounts on domain computers and are not in the local administrators group ... are finding "account logon" events in the security log on domain computers, ... (microsoft.public.win2000.networking)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint