Home
Certification Preparation
Microsoft
MCSA / MCSE on Windows 2003 General
Server 70-290
Log On To Local Machines, With Local Accounts
shrety
Hello All Mates
I want to know , how can i disable the choice of log on to this computer
and just leave log on to the domain in all client computers
Best regards
Find more posts tagged with
Comments
benjiga69
You can probably use the Local Machine's GPO to deny local logons from a specific group like "users". I dont know if that will remove the option but I think it will keep them from logging on locally. :P
shrety
Thanks for reply , but i think this is not easy to go to every machine and configure the appropriate GPO
eurotrash
um create a GPO for the OU that contains the relevant computer objects.
shrety
_omni_
wrote:
um create a GPO for the OU that contains the relevant computer objects.
Unfortunately the GPO Just Deny log on to the machine, which means that it deny log on to the entire machine from the keyboard not only with local machine accounts
TeKniques
You should be able to apply the Deny Logon Locally GPO.
Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignments -> Deny logon locally.
woodworm
Not sure I understand why you would want to do this?
anyway,
If a domain user logs on to the PC, then the domain will be the default choice next time the PC boots up
and
If you don't want people logging on locally, remove any local users, and change the password on the local admin? (they shouldn't know it anyway).
sprkymrk
The suggestions to apply a Group Policy denying logon locally will work. However, the problem is that you would have to deny each and every "local" account someone might create. If you deny to a group, such as "users", this will also preclude domain users from logging on locally.
I would recommend using the "Allow log on locally" setting, and set it to allow "Domain Users" (which will include all user accounts as long as they are in the domain, ie Domain Admins, Domain\joeblow, etc.) and for safety reasons also allow the local built-in "Administrator" account this right as well, just in case you encounter a network problem and can't log on to the domain (as in a bad NIC or something) you will need a local admin account log in to fix the problem.
shrety
Thanks for you all, i get the point
Quick Links
All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of
