Results 1 to 10 of 10
  1. #1
    Joined
    Dec 2001
    Location
    USA
    Posts
    383

    Force a domain user to log on to the domain

    I want to force a user to log on to the domain. Right now the user logs on to the local machine. I am using Server 2003 with active directory domain. When I configue active directory to "deny local log" for that specific user, it denies the user to logon to the domain and allows that same user to log on locally. So how do I configure this correctly.

    I want to force the user to log on to my domain.

    Thanks for the info
    Asus A7N8X 2.0 bios 1005
    Athlon 1700+ w thermalright SLK800U w Artic silver 3
    512 corsair twinx PC2700
    80 gig WD 7200 SE
    ATI Radeon 9500 pro 128
    Pixelview Play TV PVR
    Antec true power 430
    Buslink 52X24X52
    Toshiba 16xDVD
    Win XP Pro SP1

  2. #2
    Joined
    Jan 2002
    Location
    South Suburbs of Chicago
    Posts
    1,613

    Re: Force a domain user to log on to the domain

    Setup the no local logon policy on the workstation (for that user).

    See Local Policies/User Rights Assignment/Deny logon locally

    Although I see the note on that, that the domain policy should override the local policy. Since, it's not working though, give this a try.

  3. #3
    Joined
    Oct 2003
    Posts
    139

    Re: Force a domain user to log on to the domain

    Do you have a local account setup for that user? If so, why?

    The "Deny Logon Locally" option is for Domain AD users only, stating that you DONT want that user to logon to that machine using their AD credentials. This has nothing to do with the local machine accounts.

    I.E... Your Domain = domain.net
    User Account = bob
    Local Workstation name = wk-01

    If you set bob as deny logon locally to wk-01 he cannot logon to that machine using his domain.net account. He should not have any other account in the domain or setup locally for that machine, thus denying him any access to that machine. But, from what I am gathering from your post is he can logon to wk-01 using his AD "bob" account? Please explain as there is something missing from your post.

  4. #4
    Joined
    Dec 2000
    Posts
    5,051

    Re: Force a domain user to log on to the domain

    Far easier way to handle this is to disable the local account on the local machine.

  5. #5
    Joined
    Dec 2001
    Location
    USA
    Posts
    383

    Re: Force a domain user to log on to the domain

    Thanks for the info, I will disable the local account. I just thought I would do it via active directory. Bryan, you have chatted with me a little about this project. I am now to the point of testing and degining the domain. The project was held up a little because almost all the computers were win xp home. Active directory seems to be working well on the newly installed server. The only thing preventing me from putting everything in the domain, I have 2 more computers to change to win xp pro.
    Asus A7N8X 2.0 bios 1005
    Athlon 1700+ w thermalright SLK800U w Artic silver 3
    512 corsair twinx PC2700
    80 gig WD 7200 SE
    ATI Radeon 9500 pro 128
    Pixelview Play TV PVR
    Antec true power 430
    Buslink 52X24X52
    Toshiba 16xDVD
    Win XP Pro SP1

  6. #6
    Joined
    Dec 2000
    Posts
    5,051

    Re: Force a domain user to log on to the domain

    Are you going to add the Windows Update Service ( WUS) to your network?

  7. #7
    Joined
    Jan 2002
    Location
    South Suburbs of Chicago
    Posts
    1,613

    Re: Force a domain user to log on to the domain

    Quote Originally Posted by Bryan
    Far easier way to handle this is to disable the local account on the local machine.
    Yep, absolutely.


    Snicker, I don't know what you and Bryan talked about re: the XP Home machines on the domain. That is of course the "right" way as far as doing upgrades to XP Pro as Uncle Bill wants us to. There is a way to use the XP Home machines by mapping drives to the server with "net use". For example, in a batch file "net use s: \\server\data /user:bob". The user will be prompted for his domain pw and the drive will be mapped. That is pretty useful sometimes and I often offer that as a workaround to customers who mistakenly order Home and then whine about upgrading.

  8. #8
    Joined
    Dec 2000
    Posts
    5,051

    Re: Force a domain user to log on to the domain

    He's intending to use Active Directory and centralized management, hence the move to a full Domain situation.

    What you've just suggested is a file server, which can be done with a single WinXP Pro machine in 10 machine or less enviroment. Still handy for small enviroments.

  9. #9
    Joined
    Jan 2002
    Location
    South Suburbs of Chicago
    Posts
    1,613

    Re: Force a domain user to log on to the domain

    Quote Originally Posted by Bryan
    He's intending to use Active Directory and centralized management, hence the move to a full Domain situation.

    What you've just suggested is a file server, which can be done with a single WinXP Pro machine in 10 machine or less enviroment. Still handy for small enviroments.

    Yep, I agree.

    Though I often walk into client sites where they have a mix of stuff and they say "just make it work" and they don't want to spend a lot of money. I've had to use this trick several times in cases like that.

  10. #10
    Joined
    Dec 2000
    Posts
    5,051

    Re: Force a domain user to log on to the domain

    Almost forgot, local policies trump Domain policies. This allows for creating protected workstation enviroments.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •