Security Basics mailing list archives

RE: Log on the domain


From: "Rusty Morgan" <RMorgan () mbaj com>
Date: Wed, 16 Apr 2003 08:48:03 -0400

David, I think you are correct about the log on locally issue.  Meaning that it controls whether they can log into the 
console of the server.  

Regarding JS's issue I have not been able to find a policy or setting that will do what you want in NT/2000.  As 
someone mentioned previously in Win98 you can use the Policy Editor to force a domain login.  They also mentioned that 
it was not a foolproof method for keeping them out.  

To keep my users from logging in locally I don't create any local accounts and the admin password is unknown to them.  
That password could always be cracked, but overall this seems to be the easiest way to accomplish what you want.

Rusty

-----Original Message-----
From: David Gillett [mailto:gillettdavid () fhda edu]
Sent: Tuesday, April 15, 2003 7:13 PM
To: 'J.S'; security-basics () securityfocus com
Subject: RE: Log on the domain


-----Original Message-----
From: J.S [mailto:mwharbi () hotmail com]
To: security-basics () securityfocus com

How can we enforce the users log on to domain? I mean: Users can not access
computer using admin or any other account, must log on the domain
controller. Is there any policy to do that?

  I've always interpreted the "Log on locally" policy as determining
whether a given user account can be used from the "console" keyboard
and monitor; i.e., an account without this right can only be used to
access the machine remotely.  I may have misunderstood that, since
multiple people seem to think it's what you want.

  I don't think there is a way to lock out all local access.  But 
with Windows 2000 policies, you *can* prevent them from accessing any
network resources that are part of your domain structure.  Is that 
good enough?

  (With NT domains, they can have access if their local account name 
and password matches a domain account and password that has access.)

David Gillett



---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the 
world's premier event for IT and network security experts.  The two-day 
Training features 6 hand-on courses on May 12-13 taught by professionals.  
The two-day Briefings on May 14-15 features 24 top speakers with no vendor 
sales pitches.  Deadline for the best rates is April 25.  Register today to 
ensure your place.  http://www.securityfocus.com/BlackHat-security-basics 
----------------------------------------------------------------------------

