Options

Log On To Local Machines, With Local Accounts

shretyshrety Member Posts: 5 ■□□□□□□□□□
in Server 70-290
Hello All Mates

I want to know , how can i disable the choice of log on to this computer
and just leave log on to the domain in all client computers

Best regards

:)
"Life Gives Us Gifts"
www.shrety.host.sk
· Share on FacebookShare on Twitter

Comments

  • Options
    benjiga69benjiga69 Member Posts: 23 ■□□□□□□□□□
    You can probably use the Local Machine's GPO to deny local logons from a specific group like "users". I dont know if that will remove the option but I think it will keep them from logging on locally. :P
    That which is easily obtained, is lightly esteemed!
    · Share on FacebookShare on Twitter
  • Options
    shretyshrety Member Posts: 5 ■□□□□□□□□□
    Thanks for reply , but i think this is not easy to go to every machine and configure the appropriate GPO

    icon_cry.gif
    "Life Gives Us Gifts"
    www.shrety.host.sk
    · Share on FacebookShare on Twitter
  • Options
    eurotrasheurotrash Member Posts: 817
    um create a GPO for the OU that contains the relevant computer objects.
    witty comment
    · Share on FacebookShare on Twitter
  • Options
    shretyshrety Member Posts: 5 ■□□□□□□□□□
    _omni_ wrote:
    um create a GPO for the OU that contains the relevant computer objects.

    Unfortunately the GPO Just Deny log on to the machine, which means that it deny log on to the entire machine from the keyboard not only with local machine accounts

    icon_cry.gif
    "Life Gives Us Gifts"
    www.shrety.host.sk
    · Share on FacebookShare on Twitter
  • Options
    TeKniquesTeKniques Member Posts: 1,262 ■■■■□□□□□□
    You should be able to apply the Deny Logon Locally GPO.

    Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignments -> Deny logon locally.
    · Share on FacebookShare on Twitter
  • Options
    woodwormwoodworm Member Posts: 153
    Not sure I understand why you would want to do this?

    anyway,

    If a domain user logs on to the PC, then the domain will be the default choice next time the PC boots up

    and

    If you don't want people logging on locally, remove any local users, and change the password on the local admin? (they shouldn't know it anyway).
    · Share on FacebookShare on Twitter
  • Options
    sprkymrksprkymrk Member Posts: 4,884 ■■■□□□□□□□
    The suggestions to apply a Group Policy denying logon locally will work. However, the problem is that you would have to deny each and every "local" account someone might create. If you deny to a group, such as "users", this will also preclude domain users from logging on locally.

    I would recommend using the "Allow log on locally" setting, and set it to allow "Domain Users" (which will include all user accounts as long as they are in the domain, ie Domain Admins, Domain\joeblow, etc.) and for safety reasons also allow the local built-in "Administrator" account this right as well, just in case you encounter a network problem and can't log on to the domain (as in a bad NIC or something) you will need a local admin account log in to fix the problem.
    All things are possible, only believe.
    · Share on FacebookShare on Twitter
  • Options
    shretyshrety Member Posts: 5 ■□□□□□□□□□
    Thanks for you all, i get the point
    "Life Gives Us Gifts"
    www.shrety.host.sk
    · Share on FacebookShare on Twitter
Sign In or Register to comment.