Access policy

[Jerry]

Hi

Is there any way to force users using their domain
accounts instead of local account to access the network?

Thanks

Jerry

 

[Dmitry Korolyov [MVP]]

Configure a security policy (through Group Policies) on all computers in the
domain makins that so only domain accounts have interavtive logon privilege.
For example, you can remove default "Authenticated Users", "Everyone" and
"Users" groups from that privilege, and assign it to Domain Users instead.
Since all domain user accounts are members of this group, they will be able
to log on, and local accounts which are not members, will not.

--
Dmitry Korolyov [[email protected]]
MVP: Windows Server - Active Directory


Hi

Is there any way to force users using their domain
accounts instead of local account to access the network?

Thanks

Jerry

 

[Jerry]

Thanks fo the reply.

Isn't there a way to do from the DC and apply it to all
the machines or the machines tha I choose ?

Regards

 

[Guest]

Group Policy.
Create a GPO and apply it to a container that has all the computers you want
this setting to take effect on.

--
James Brandt [MSFT]

Thanks fo the reply.

Isn't there a way to do from the DC and apply it to all
the machines or the machines tha I choose ?

Regards

-----Original Message-----
Configure a security policy (through Group Policies) on all computers in the
domain makins that so only domain accounts have interavtive logon privilege.
For example, you can remove default "Authenticated Users", "Everyone" and
"Users" groups from that privilege, and assign it to Domain Users instead.
Since all domain user accounts are members of this group, they will be able
to log on, and local accounts which are not members, will not.

--
Dmitry Korolyov [[email protected]]
MVP: Windows Server - Active Directory


Hi

Is there any way to force users using their domain
accounts instead of local account to access the network?

Thanks

Jerry

 

[Jerry]

Sorry, I don't know how and where to create this GPO.
Can you please help me do this. The Administrator had
suddenly left us.

Thanks a lot.

Jerry

-----Original Message-----
Group Policy.
Create a GPO and apply it to a container that has all the computers you want
this setting to take effect on.

--
James Brandt [MSFT]

Thanks fo the reply.

Isn't there a way to do from the DC and apply it to all
the machines or the machines tha I choose ?

Regards

-----Original Message-----
Configure a security policy (through Group Policies) on all computers in the
domain makins that so only domain accounts have interavtive logon privilege.
For example, you can remove default "Authenticated Users", "Everyone" and
"Users" groups from that privilege, and assign it to Domain Users instead.
Since all domain user accounts are members of this group, they will be able
to log on, and local accounts which are not members, will not.

--
Dmitry Korolyov [[email protected]]
MVP: Windows Server - Active Directory


"Jerry" <[email protected]> wrote

in
message

Hi

Is there any way to force users using their domain
accounts instead of local account to access the network?

Thanks

Jerry

.

 

[Dmitry Korolyov [MVP]]

If you have Windows 2000 DCs, you can create and manage GPOs from AD Users
and Computers console. Go to the properties of an OU, select Group Policy
tab, and click New to create new object. Then Edit it to configure settings.
on Windows 2003, you can install GPMC and benefit from its advanced
interface that allows you to create and manage GPO in a more efficient way.

--
Dmitry Korolyov [[email protected]]
MVP: Windows Server - Active Directory


Sorry, I don't know how and where to create this GPO.
Can you please help me do this. The Administrator had
suddenly left us.

Thanks a lot.

Jerry

-----Original Message-----
Group Policy.
Create a GPO and apply it to a container that has all the computers you want
this setting to take effect on.

--
James Brandt [MSFT]

Thanks fo the reply.

Isn't there a way to do from the DC and apply it to all
the machines or the machines tha I choose ?

Regards

-----Original Message-----
Configure a security policy (through Group Policies) on all computers in the
domain makins that so only domain accounts have interavtive logon privilege.
For example, you can remove default "Authenticated Users", "Everyone" and
"Users" groups from that privilege, and assign it to Domain Users instead.
Since all domain user accounts are members of this group, they will be able
to log on, and local accounts which are not members, will not.

--
Dmitry Korolyov [[email protected]]
MVP: Windows Server - Active Directory


"Jerry" <[email protected]> wrote

in
message

Hi

Is there any way to force users using their domain
accounts instead of local account to access the network?

Thanks

Jerry

.