G
Guest
Hi
We have a number of logon scripts that are executed anytime someone logs in to the domain. One of these, uses the current logon user's access (all of our users are local admins to their own machine) to add certain domain groups (domain-admin, help, etc.) to the local Administrators groups
Because of security concerns, our DBAs would like to prevent this from happening on selected Windows 2000 and 2003 servers. Rather than putting conditional statements in the scripts and having the DBAs constantly visit Network Engineers anytime a change is needed, I was hoping there was a way to allow the DBAs to block the process via some local policy setting on each server. The DBAs are Administrators on the servers they manage
Any ideas
Thanks
We have a number of logon scripts that are executed anytime someone logs in to the domain. One of these, uses the current logon user's access (all of our users are local admins to their own machine) to add certain domain groups (domain-admin, help, etc.) to the local Administrators groups
Because of security concerns, our DBAs would like to prevent this from happening on selected Windows 2000 and 2003 servers. Rather than putting conditional statements in the scripts and having the DBAs constantly visit Network Engineers anytime a change is needed, I was hoping there was a way to allow the DBAs to block the process via some local policy setting on each server. The DBAs are Administrators on the servers they manage
Any ideas
Thanks