Re: Power Users
- From: "Steve Riley [MSFT]" <steve.riley@xxxxxxxxxxxxx>
- Date: Tue, 18 Nov 2008 10:28:46 -0800
That they can log on when a DC is down has nothing to do with them being Power Users. The default behavior for Windows is to create and store cached credentials (containing password verifiers) on client workstations so that users can log on when not connected to the network.
You can disable this functionality on clients (http://support.microsoft.com/kb/172931/en-us), but I'd advise against it -- the default behavior allows your users to log on to their computers and continue working even if a domain controller is unavailable. What security risk do you perceive exists with this behavior?
--
Steve Riley
steve.riley@xxxxxxxxxxxxx
http://blogs.technet.com/steriley
Protect Your Windows Network: http://www.amazon.com/dp/0321336437
"Denis" <Denis@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:564CFC4C-C99E-4A1B-ADE2-9C8F1984DD98@xxxxxxxxxxxxxxxx
We have a Windows 2003 Active Directory Domain.
We have PCs with Domain Users added to them as Power Users. Now, whenever
the DC is down, then also these guys are able to logon to their PCs with
their Domain Logon User IDs.
How do I restrict this?
Thanks in Advance.
Regards,
Denis Dudhia
.
- References:
- Power Users
- From: Denis
- Power Users
- Prev by Date: after password changes screensaver locked account out
- Next by Date: Event Viewer registers events in the future
- Previous by thread: Power Users
- Next by thread: after password changes screensaver locked account out
- Index(es):
Relevant Pages
|
