Michael.Patten Posted January 5, 2005 Share Posted January 5, 2005 I know it's a bit of a wild one, but i want to restrict my users from being able to change their login domain, and can't find instructions anywhere on how to remove the This Computer local domain from the logon screen. As a part of my Unattend i am already adding a domain group to the local admin's group, so all user's get admin rights to every computer (all but the bare essential profile data is stored on the local computer).Does anyone have any idea how to either remove or "hide" the above from the logon screen? Link to comment Share on other sites More sharing options...
Michael.Patten Posted January 5, 2005 Author Share Posted January 5, 2005 The only way i know how to not have any options on the logon screen is with a workgroup, but don't want to step backwards with security.Hopefully someone out there has come across this issue.I'm going to be removing the cacheing of logons, as i don't want the user's to be able to log on without authenticating with the server, and I don't want the users to be able to create user's.I guess the better way of doing what i want is to "Hide" the additional logon domain option... and assign the users "power user" access... but i know that will have (management based) implications... i'm sure you all know what i mean... Link to comment Share on other sites More sharing options...
FAT64 Posted January 5, 2005 Share Posted January 5, 2005 Can you simply deny them the "Logon locally" in Group Policy? Link to comment Share on other sites More sharing options...
Michael.Patten Posted January 7, 2005 Author Share Posted January 7, 2005 Yeah, I can, and only let the localadmin account log on locally... that might be a doer - just have to make sure no-one changes their logon domain... Link to comment Share on other sites More sharing options...
Richard Slater Posted January 7, 2005 Share Posted January 7, 2005 It would be really nice if MS did implement, a group policy to restrict the Domain drop down box, the number of call outs I get due to people choosing the wrong thing thing in the Domain box, or not understanding that although they are sitting infront of a computer they can't log on to "This Machine". Link to comment Share on other sites More sharing options...
FAT64 Posted January 7, 2005 Share Posted January 7, 2005 Has this been dealt with in Windows 2003 Server Group Policy perhaps? Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now