Denying AD access through non-domain workstations


  • Denying AD access through non-domain workstations

    Hello,

    It is known that Active Directory automatically adds a workstation to the domain when a domain user attempts to log on to the directory from that workstation.

    However, I am interested to know if there is a way to block anonymous workstations from joining a domain unless they are manually added to the AD Computers list by the administrators. This means, if an existing AD user attempts to log in from a non-domain terminal on the network then they should be denied access to the domain and its shared resources. Is it possible?


    Regards,
    Prasanna

  • #2
    Re: Denying AD access through non-domain workstations

    A computer IS NOT automatically added when a domain user logs on to a computer which is not part of the domain.

    The computer would not even be able to authenticate the user.

    What can happen is that a regular user can add the workstation to the domain.
    This can be done by default 10 times by a regular user account.

    If you do not want users adding workstations to the domain, you need to edit your Default Domain Controllers policy.
    [Powershell]
    Start-DayDream
    Set-Location Malibu Beach
    Get-Drink
    Lay-Back
    Start-Sleep
    ....
    Wake-Up!
    Resume-Service
    Write-Warning
    [/Powershell]

    BLOG: Therealshrimp.blogspot.com
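
An added example, not part of the original posts: a PowerShell audit of the default per-user join limit described in reply #2, which also lists the computer accounts that ordinary users have already joined. It assumes the ActiveDirectory (RSAT) module and uses the `ms-DS-MachineAccountQuota` and `ms-DS-CreatorSID` attributes, which the thread does not name; setting the quota to 0 is a different route from the policy edit the reply mentions, and `$Apply` is a hypothetical switch for this sketch.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT) and, for step 3,
# rights to modify the domain object.
Import-Module ActiveDirectory

$Apply    = $false   # hypothetical switch: set to $true to actually change the quota
$domainDN = (Get-ADDomain).DistinguishedName

# 1. Read the per-user join quota (the "10 times" default from reply #2).
$domainObj = Get-ADObject -Identity $domainDN -Properties 'ms-DS-MachineAccountQuota'
$quota     = $domainObj.'ms-DS-MachineAccountQuota'
Write-Output "Current ms-DS-MachineAccountQuota: $quota"

# 2. List computer accounts that carry a creator SID. The attribute is set
#    when a user without delegated create rights joined the machine under
#    the quota, so these are the joins an administrator did not perform.
$joined = Get-ADComputer -LDAPFilter '(ms-DS-CreatorSID=*)' `
              -Properties 'ms-DS-CreatorSID', whenCreated |
    ForEach-Object {
        $sid = $_.'ms-DS-CreatorSID'
        try {
            # Resolve the SID to DOMAIN\user where the account still exists.
            $creator = $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            # Creator account was deleted or is unresolvable: keep the raw SID.
            $creator = $sid.Value
        }
        [pscustomobject]@{
            Computer = $_.Name
            Creator  = $creator
            Created  = $_.whenCreated
        }
    }

$joined | Sort-Object Creator, Created | Format-Table -AutoSize

# Per-user totals make it easy to spot anyone near the quota.
$joined | Group-Object Creator |
    Select-Object @{ n = 'Creator'; e = { $_.Name } }, Count |
    Sort-Object Count -Descending | Format-Table -AutoSize

# 3. Set the quota to 0 so ordinary users can no longer create computer
#    accounts. With $Apply = $false this only reports what would change.
Set-ADDomain -Identity $domainDN `
    -Replace @{ 'ms-DS-MachineAccountQuota' = 0 } `
    -WhatIf:(-not $Apply)
```

With the quota at 0, only principals that have been delegated the right to create computer objects in the target OU can join machines.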
