kaycee Posted September 29, 2004 Share Posted September 29, 2004 hi therei'm having a windows 2000 domain.i want to limit all access into directories only for domain who does logon into the domain.the problem is that the clients have local administrators on their computers so i cant force them to log into the domain.so these users can access resources with other users username + password.anyone has any idea how to limit it ?(i thought to set permissions for Domain Computers, but old computers account remain in the AD what makes a big mass)please help !Thanks aheadeyal Link to comment Share on other sites More sharing options...
pthomas Posted September 30, 2004 Share Posted September 30, 2004 Why do any of the users have a local admin account? That really takes the point of you being a system admin totally away. If a user needs admin access on a PC, add their domain account to the power users group on the local PC. Don;t make them local admins. Otherwise, if they have a local admin account, you can NOT stop them from loggin on locally or even removing your access from that computer since they are an administrator of that PC. They have to logon to the domain for domain policies to take affect, so even if you had domain restrictions, logging on locally bypasses them. Remove all local admin accounts and make them have to use their domain account to sign onto the computer.You can safely delete old computer names from the domain.Paul Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now