Sergio, That is the approach we are going to take. Write a script to run at start up to delete all local accounts, except administrator, which only we should know the password for.
Do you have any ideas on how to change local account passwords via GPO or remotely? We would like to change the administrator passwords initially, and probably like to change it on a continual basis. Thank you. Joe On 5/16/06, Olivarez, Sergio J Mr CTNOSC/GD-NS <[EMAIL PROTECTED]> wrote:
Yeah, disregard what I said about just leaving Admins on the "allow logon locally" setting, that's my bad. I guess best thing to do would be delete all existing local user accounts. -Sergio -----Original Message----- From: Joe Lagreca [mailto:[EMAIL PROTECTED] Sent: Monday, May 15, 2006 7:33 PM To: [email protected] Subject: Re: [ActiveDir] Is there a way to force users to logon to domain? Al and others, We are retrofitting previously deployed workstations. Some have local logins, while others do not. I was just wondering if there is a way, via GPO, to force all users to log into the domain, instead of giving them the option to log into their local machine. I have been told that "In a GPO set the cached logon setting to "0" and make sure "allow logon locally" is only set to Admins." will not work. However I still need to test this myself. I was told "allow logon locally" will make it so all unlisted users will not be able to login from that workstation, whether its locally or to the domain. I realize their profiles wouldn't copy, and we can deal with that afterwards. Thanks. Joe On 5/15/06, Al Mulnick <[EMAIL PROTECTED]> wrote: > I think you've seen several ways of achieving something similar to > what you've asked for. But I'm curious as to what you really want to > accomplish. You've put something very specific, but what makes you > want to force the logon? What's the backstory? > > Al > > On 5/15/06, Joe Lagreca <[EMAIL PROTECTED]> wrote: > > Is there a way to force users to logon to domain, or to disable loging into > > local computer accounts via GPO? > > > > Thanks. > > > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
