Ryan Miller Posted May 18, 2005 Share Posted May 18, 2005 I have a question regarding 2003 Enterprise.What I would like is- when my users log on to the network they will always log on to the network. In other words, I don't want them logging on to the machine if the server is down, etc.I created a test user with the username john.doe. With the server still online I logged on to a remote workstation.I shut down the server and logged off of that remote workstation. I typed john.doe in the username box with the correct password and it allowed me to log in. (Even though the server was off.)Granted, the user could not use the internet, get their files, etc..- I still don't want them logging in when the server down.Is there a way to restrict this with group policy?Any help would be great. I'm stumped on this one. Link to comment Share on other sites More sharing options...
valter Posted May 19, 2005 Share Posted May 19, 2005 Yes, enable Always wait for the network at computer startup and logon GPO located in Administrative Templates\System\Logon ... this should prevent users getting "Press CTRL-ALT-DELETE" dialog before workstation communicate with AD ... Link to comment Share on other sites More sharing options...
Ryan Miller Posted May 19, 2005 Author Share Posted May 19, 2005 Thank you. Link to comment Share on other sites More sharing options...
jondercik Posted May 19, 2005 Share Posted May 19, 2005 Disable cached credentials as well. Link to comment Share on other sites More sharing options...
valter Posted May 19, 2005 Share Posted May 19, 2005 You're very welcome Link to comment Share on other sites More sharing options...
Ryan Miller Posted May 20, 2005 Author Share Posted May 20, 2005 Silly me. I forgot to include this in my original post. Is there a way to restrict the use of Computer Management?As in using it from Administrative Tools or right clicking on My Computer and clicking Manage. Link to comment Share on other sites More sharing options...
valter Posted May 20, 2005 Share Posted May 20, 2005 If the user is not administrator he/she can't use computer management anyway ... I don't think what you ask is possible to be done via GPO, but I think you might want to try MS TweakUI Link to comment Share on other sites More sharing options...
Ryan Miller Posted May 20, 2005 Author Share Posted May 20, 2005 In the policy I have added the group of users to the "users" group - which should restrict them from using Computer Management.But adding them to that group didn't have any effect. They can't install software anymore, etc - but they still can access Computer Management. Looked into TweakUI, but there is no setting there for it. Link to comment Share on other sites More sharing options...
valter Posted May 20, 2005 Share Posted May 20, 2005 But even if they can access it, they can't do anything ... what ever they try to do, they will receive Access denied ... Link to comment Share on other sites More sharing options...
jondercik Posted May 20, 2005 Share Posted May 20, 2005 Set the NTFS permissions on the compmgmt.msc so they dont have access. Link to comment Share on other sites More sharing options...
Ryan Miller Posted May 20, 2005 Author Share Posted May 20, 2005 They can stop system services. (to klasika.)Is there a way to set the NTFS permissions with a log in script? And what and how do I set the permissions? Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now