Preventing Local user's to log to domain


  • Preventing Local user's to log to domain

    Is there a way to block local users from accessing resources on the domain?
    Here's the scenario:

    A user has a domain account but he/she never uses it because of policies that we implemented.
    They log on locally, then access resources on the domain using their domain accounts.

    How can we prevent this?


    Thanks

  • #2
    Re: Preventing Local user's to log to domain

    Disable local accounts?


    • #3
      Re: Preventing Local user's to log to domain

      Hello Alien_li

      Thanks for your suggestion. Disabling local accounts is time consuming because you have to do it on thousands of PCs.

      We have to restrict local users from accessing resources in our domain.


      • #4
        Re: Preventing Local user's to log to domain

        Remove the permissions on the resources from "Everyone" & "ANONYMOUS" and add only "Domain Users", etc.


        • #5
          Re: Preventing Local user's to log to domain

          Originally posted by totoy bato:
          Hello Alien_li

          Thanks for your suggestion. Disabling local accounts is time consuming because you have to do it on thousands of PCs.

          In that case you can use the Restricted Groups setting in a GPO to apply to all your computers.
          You can add Domain Users to your local built-in Users group. Be aware that this setting will remove any members already in the group.
          Otherwise check the share permissions and remove the Everyone group from all your resources, as suggested above by Akila. (By default Everyone has read-only permission in Win 2003 and I think had full control in Win 2000. Also, the Anonymous group was a member of Everyone back then, I think.)
          Caesar's cipher - 3

          ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

          SFX JNRS FC U6 MNGR
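
An added example (not from any poster in this thread): a read-only PowerShell audit for the suggestion in posts #4 and #5, listing shares that still grant access to Everyone or ANONYMOUS LOGON. It goes slightly beyond the posts by checking the NTFS ACL of the share root as well as the share permissions. It assumes a file server with the SmbShare module (Windows Server 2012 or later, newer than the Win 2000/2003 systems mentioned above); the function name Get-BroadShareGrant is hypothetical.

```powershell
# Added example: run in an elevated PowerShell session on the file server.
# Read-only: it reports grants, it does not change any permission.
function Get-BroadShareGrant {
    # Well-known SIDs, translated to names so the match also works on localized systems.
    $broadLeaf = foreach ($sid in 'S-1-1-0', 'S-1-5-7') {   # Everyone, ANONYMOUS LOGON
        $id   = New-Object System.Security.Principal.SecurityIdentifier $sid
        $name = $id.Translate([System.Security.Principal.NTAccount]).Value
        ($name -split '\\')[-1]                             # drop "NT AUTHORITY\" prefix
    }

    # -Special $false skips the administrative shares (C$, ADMIN$, IPC$).
    foreach ($share in Get-SmbShare -Special $false) {

        # Layer 1: share-level permissions.
        $share | Get-SmbShareAccess |
            Where-Object { $_.AccessControlType -eq 'Allow' -and
                           $broadLeaf -contains ($_.AccountName -split '\\')[-1] } |
            ForEach-Object {
                [pscustomobject]@{
                    Share   = $share.Name
                    Layer   = 'Share'
                    Account = $_.AccountName
                    Rights  = "$($_.AccessRight)"
                }
            }

        # Layer 2: NTFS ACL on the shared folder itself (printer shares have no folder).
        if ($share.Path -and (Test-Path -LiteralPath $share.Path)) {
            (Get-Acl -LiteralPath $share.Path).Access |
                Where-Object { $_.AccessControlType -eq 'Allow' -and
                               $broadLeaf -contains ($_.IdentityReference.Value -split '\\')[-1] } |
                ForEach-Object {
                    [pscustomobject]@{
                        Share   = $share.Name
                        Layer   = 'NTFS'
                        Account = $_.IdentityReference.Value
                        Rights  = "$($_.FileSystemRights)"
                    }
                }
        }
    }
}

# Every row is a grant to replace with "Domain Users" or a narrower group.
Get-BroadShareGrant | Sort-Object Share, Layer | Format-Table -AutoSize
```

An empty result means no share on that server grants Everyone or ANONYMOUS LOGON access at either layer.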


          • #6
            Re: Preventing Local user's to log to domain

            Yeah, they're right, pare. You can remove their permissions to the shared resources. But I think you should force your users to log in to your domain, so you can manage their rights, privileges and permissions. Because what's the use of your ADUC if users are logging in locally to their desktops? Well, maybe DNS, DHCP...
            Ronuel
            MCP
            There is only one way to find Out..Its to try it and/or Do it...


            • #7
              Re: Preventing Local user's to log to domain

              Thanks to all that replied.
              I can use "Restricted Groups" to force users to log on to the domain.
              However, if there's a visitor who wants to access resources on the domain,
              the visitor can use a domain user account to access resources, e.g. the proxy.
              The visitor's PC is not joined to our domain and can still access our resources with the help of a user's domain account.

              Is it possible to block users that are logged on locally (PC not joined to the domain) from accessing resources on our domain? We need to disable authentication for users that are not logged on to the domain and attempt to access our network.

              Thanks


              • #8
                Re: Preventing Local user's to log to domain

                Ah well, in that case why don't you just create a Security Group and then explicitly deny access to the network resources for that group whilst they can still use the proxy for internet access.

                Hope it helps
                Caesar's cipher - 3

                ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

                SFX JNRS FC U6 MNGR


                • #9
                  Re: Preventing Local user's to log to domain

                  Thanks L4ndy for the reply.

                  The proxy is one of the accesses that we need to restrict.
                  We need to globally disable the authentication used by Windows to authenticate local users accessing the network.



                  Thanks
