No announcement yet.

deny local logon if DC not found

  • Filter
  • Time
  • Show
Clear All
new posts

  • deny local logon if DC not found

    I'm trying to prevent a minor from using any PCs after a certain time of day. What I have been doing was working fine until he discovered that all my policies can be bypased if the network is unplugged. Here's what I have in place now:
    1.) Time restrictions for user accounts in AD.
    2.) Scheduled task on PDC that initiates an remote shutdown via simple .BAT file.
    As I said this works great as long as the PCs are plugged in, but what (if anything) can I do to prevent logon using cached account information when the machine is unable to reach the DC?

  • #2
    Re: deny local logon if DC not found

    Change this setting to zero:

    Network Consultant/Engineer
    Baltimore - Washington area and beyond


    • #3
      Re: deny local logon if DC not found

      Hello. I would try this in a test environment before using it in a production.

      Last edited by uk_network; 13th August 2013, 14:41. Reason: Two links to essentially the same thing, was about to remove but my link provides a little extra info.
      Please remember to award reputation points if you have received good advice.
      I do tend to think 'outside the box' so others may not always share the same views.

      MCITP -W7,
      MCSA+Messaging, CCENT, ICND2 slowly getting around to.