Domain Logon

Microsoft Windows server 2003 r2 standar...
June 17, 2010 at 16:14:51
Specs: Windows XP
Hi,

ok how can I make it so no other people can log into my pc? When I leave work for the day I leave my pc on so I can log in at home and work.

Countless times another user has been onto my pc logged on as themselves and wiped our my session. How can I lock my pc so only my profile is allowed to log in. Even if a domain admin attempts to log in my pc? I'm a domain admin by the way.

Starting to annoy me and I dont want to resort to voilence!

Thanks


See More: Domain Logon

Report •

#1
June 18, 2010 at 04:08:52
Put a giant poster that says the exact same thing as above, or disconnect your screen and keyboard ;)

To my knowledge there are no way of locking out a domain admin from a client. If he'd really want in, that is. The whole idea is that he always should be able to log in, in case the user forgot his or her login etc.


Report •

#2
June 18, 2010 at 06:20:38
"To my knowledge there are no way of locking out a domain admin from a client. "

Well, yes and no. Domain Admins group is added to the local administrators group of domain pcs. You can remove it from the local admin group, thereby removing Domain Admins as administrators. But any domain admin worth his title could set up a script or policy that would just add it back in. So ultimately, you are right, you can't lock a domain admin out. But you can make it more difficult.

As for non-domain admins, you can do it with the local policy on the computer. Be careful though, as you could also lock yourself out.

Depending on the OS, the default groups that can log on to a computer locally are Administrator, Backup Operators, Guest, and Users. The local group Users on your computer also contains 'Domain User' which is why anyone can log in.

In the local group policy, you can go into Computer Configuration, Windows Settings,Security Settings, Local Policies, User Rights Assignments and look at the setting for 'Allow log on locally.' That determines who and what groups can log on locally.

Again, be careful. If you remove the Users group and you are not part of another group that allows logon, like Administrators, you could lock yourself out.

Good luck.


Report •

#3
July 16, 2010 at 02:14:59
dear friend..........

i think it can be done from the 'Managed by' menu in Active Directory Users and Computers.

well you would have more knowledge than me but if i can help then the way is.......

goto Active Directory Users and Computers
then in Computers :-
goto Properties of your computer listed
select 'Managed By' Tab
and select the user who want to manage that system....
now no one else can login to that system.

Umesh


Report •
Related Solutions


Ask Question