Yeah this is because most if not all of the restricted
logon stuff is handled by the client side, not AD. You need something on the
client to have it follow the rules. Deny access by network is done on the server
side but I don't think that is what you are looking for.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Brown
Sent: Wednesday, July 20, 2005 11:57 AM
To: [email protected]
Subject: [ActiveDir] Deny logon locally for Macs?
Hi,
I am using the Mac
Active Directory plug-in to authenticate our Macs. I have a group of users
that are allowed access to some network resources but are not allowed to logon
locally to the computers (Mac's OSX or PCs).
I am using a group
policy to control this and it works great on the PCs, but for some reason the
Mac's can still login. Anybody know how to stop this besides disabling the
account?
Thanks,
--
Matt
Brown [EMAIL PROTECTED]
Consultant for Student Technology
Fee
website: http://techfee.ewu.edu/
+--------------------------------------+
|
509.359.6972 ph. - 509.359.7087 fx
| 307 MONROE HALL | Cheney, WA
99004
+--------------------------------------+
