Deny Logon


  • Deny Logon

    Greetings,

    How can I deny a computer name from logging on to my domain? I'm using Windows 2003 Server R2. DHCP is enabled. Thanks.

  • #2
    Re: Deny Logon

    Delete the Computer Account.
    http://technet2.microsoft.com/window....mspx?mfr=true
    * Users Helping Users *
    MS-MVP Windows Networking



    • #3
      Re: Deny Logon

      ...but if you want to prevent that computer from JOINING the domain, you can't - there are too many ways that its identity can be cloaked. However, you can set a MAC filter on all your switches, preventing that MAC address from connecting to your network...


      Tom
      For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

      Anything you say will be misquoted and used against you



      • #4
        Re: Deny Logon

        Thanks for the reply. Here's my present setup:

        Computers on the campus are all connected to the domain. On my DHCP I can tell that the PC is logged on to the domain because the computer name is appended with the domain name, like as_sec.domain.com.

        So if the computer name is without the appended domain name, then it's not connected to the domain. But it's given the proper IP address, therefore it can connect to the network/internet.

        The problem is when someone brings a laptop and connects the network cable, then it can access the network. Is there a way I can deny such PCs that are not a part of the domain?



        • #5
          Re: Deny Logon

          Originally posted by kinalas:

              Thanks for the reply. Here's my present setup:

              Computers on the campus are all connected to the domain. On my DHCP I can tell that the PC is logged on to the domain because the computer name is appended with the domain name, like as_sec.domain.com.

              So if the computer name is without the appended domain name, then it's not connected to the domain. But it's given the proper IP address, therefore it can connect to the network/internet.

              The problem is when someone brings a laptop and connects the network cable, then it can access the network. Is there a way I can deny such PCs that are not a part of the domain?

          The domain suffix being appended to the host name DOES NOT mean the PC is "connected to the domain". It means that the PC has picked up its IP and DNS config from the DHCP server, and it has been allocated an IP address in the as_sec.domain.com zone. It will not have access to domain resources unless the computer and user have authenticated via a domain controller.

          If the computer has a computer account in as_sec.domain.com, and the user has selected AS_SEC from the drop down list at logon, and successfully logged in, THEN he is connected to the domain.

          Like I said, a way to prevent visiting computers from using your physical network (quite, quite different to the domain) is to apply MAC filtering to your switches so that only certain MAC addresses are accepted. OR, to prevent only external (i.e. internet) access you could configure mandatory authentication on your proxy and/or firewall - all the better if it is integrated with AD.


          Tom
          For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

          Anything you say will be misquoted and used against you
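
The reply above notes that a DHCP-assigned suffix does not prove domain membership. This added example, which is not from any poster in the thread, audits a lease list against an inventory of known computers instead of trusting the hostname. The CSV layout, the inventory and all sample values are constructed assumptions.

```python
import csv
import io
import re

# Constructed sample: DHCP lease export (the column layout is an assumption).
LEASES_CSV = """ip,mac,hostname
10.0.0.21,00-11-22-33-44-55,lab01.as_sec.domain.com
10.0.0.22,00:11:22:33:44:66,visitor.as_sec.domain.com
10.0.0.23,0011.2233.4477,lib02
10.0.0.24,00-11-22-33-44-88,LAB01.as_sec.domain.com
10.0.0.25,not-a-mac,printer
"""

# Constructed inventory: MAC address -> computer account name, as an
# administrator might record it for machines that were joined to the domain.
INVENTORY = {
    "001122334455": "lab01",
    "001122334477": "lib02",
}

def normalize_mac(raw):
    """Return 12 lowercase hex digits, or None if raw is not a MAC address."""
    digits = re.sub(r"[-:.\s]", "", raw).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def short_name(hostname):
    """Drop any DNS suffix; the suffix is handed out by DHCP and proves nothing."""
    return hostname.split(".", 1)[0].lower()

def classify(lease, inventory):
    mac = normalize_mac(lease["mac"])
    if mac is None:
        return "invalid-mac"
    name = short_name(lease["hostname"])
    expected = inventory.get(mac)
    if expected is None:
        # Unknown hardware; flag it separately if it claims a known name.
        return "name-reused" if name in inventory.values() else "unknown-device"
    return "managed" if expected == name else "name-mismatch"

def audit(leases_csv, inventory):
    """Map each leased IP to a verdict for follow-up."""
    rows = csv.DictReader(io.StringIO(leases_csv))
    return {row["ip"]: classify(row, inventory) for row in rows}

if __name__ == "__main__":
    for ip, verdict in audit(LEASES_CSV, INVENTORY).items():
        print(ip, verdict)
```

A MAC address is reported by the client itself, so a "managed" verdict narrows the list for follow-up but does not authenticate the machine.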
