Jump to content

access only for users who connect to domain


Recommended Posts

hi there

i'm having a windows 2000 domain.

i want to limit all access into directories only for domain who does logon into the domain.

the problem is that the clients have local administrators on their computers so i cant force them to log into the domain.

so these users can access resources with other users username + password.

anyone has any idea how to limit it ?

(i thought to set permissions for Domain Computers, but old computers account remain in the AD what makes a big mass)

please help !

Thanks ahead


Link to comment
Share on other sites

Why do any of the users have a local admin account? That really takes the point of you being a system admin totally away.

If a user needs admin access on a PC, add their domain account to the power users group on the local PC. Don;t make them local admins. Otherwise, if they have a local admin account, you can NOT stop them from loggin on locally or even removing your access from that computer since they are an administrator of that PC. They have to logon to the domain for domain policies to take affect, so even if you had domain restrictions, logging on locally bypasses them.

Remove all local admin accounts and make them have to use their domain account to sign onto the computer.

You can safely delete old computer names from the domain.


Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...