+ Post New Thread
Results 1 to 4 of 4
How do you do....it? Thread, Preventing Logon when domain not available in Technical; I'm trying to sort out some issues I'm having with logons and roaming profiles. The staff have two accounts - ...
  1. #1
    Gibbo's Avatar
    Join Date
    Feb 2008
    Location
    Cheshire
    Posts
    916
    Thank Post
    210
    Thanked 346 Times in 239 Posts
    Rep Power
    93

    Preventing Logon when domain not available

    I'm trying to sort out some issues I'm having with logons and roaming profiles.

    The staff have two accounts - one for the school network and one for home use.

    I'm trying to get them out of the idea of using their network login at home - simply because they're not at home.

    I've modified the Group Policy to log off the machine if it cannot load the profile from the network. This works fine on a "clean" machine.

    But if there is a cached profile already on there it logs them on.

    This causes us a regular problem of calls saying "I cannot see my H drive" or "cannot see the shared areas" because they've not plugged in the network cable and got a cached login and the login scripts haven't mapped the drives.

    I'm reluctant to enable the "delete cached profiles at logoff" policy setting because some staff have large profiles and won't change the way they work, despite us removing all access to My Documents.

    I've also tried to implement mandatory profiles but this also didn't go down well. The problem is that the network has not been securely locked down by my predecessor and I can't get any support for them to come around to my way of thinking and the way things have been in my previous schools.

    TIA

  2. #2
    Gibbo's Avatar
    Join Date
    Feb 2008
    Location
    Cheshire
    Posts
    916
    Thank Post
    210
    Thanked 346 Times in 239 Posts
    Rep Power
    93
    I may have found an appropriate GP setting:

    Computer Configuration - Windows Settings - Security Settings - Local Policies/User Rights Assignment - Allow log on locally

    I've set this to just let Administrators log on.

    EDIT: Scratch that. It didn't allow any staff to logon!
    Last edited by Gibbo; 27th November 2008 at 11:00 AM.

  3. #3

    Join Date
    Feb 2007
    Location
    Norfolk
    Posts
    137
    Thank Post
    2
    Thanked 9 Times in 9 Posts
    Rep Power
    17
    You can try this Group Policy item

    Computer Configuration-> Windows Settings -> Security settings -> Local policies -> Security Options -> Interactive Logon : Number of previous logons to cache

    Set to zero and Windows won't be able to log them on if they're not connected to the network. I would assume it will let local accounts login. Best to test first!

    Craig

  4. Thanks to craiglay from:

    Gibbo (27th November 2008)

  5. #4
    Gibbo's Avatar
    Join Date
    Feb 2008
    Location
    Cheshire
    Posts
    916
    Thank Post
    210
    Thanked 346 Times in 239 Posts
    Rep Power
    93
    Thanks, I'll give that a bash.

    Update: That seems to have done the trick. If there's no network (either wired or wireless) I just get DOMAIN NOT AVAILABLE - which is exactly what I wanted. I had this running at a previous school but it was 2003 when the policy was implemented!
    Last edited by Gibbo; 27th November 2008 at 07:21 PM.

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 15
    Last Post: 2nd November 2009, 05:21 PM
  2. Domain Logon with Laptops
    By SimpleSi in forum Windows
    Replies: 15
    Last Post: 5th May 2007, 10:27 AM
  3. Wireless Domain Logon
    By plexer in forum Wireless Networks
    Replies: 2
    Last Post: 20th October 2006, 01:55 PM
  4. Replies: 8
    Last Post: 20th September 2006, 02:58 PM
  5. wireless domain logon
    By raictman in forum Wireless Networks
    Replies: 16
    Last Post: 6th March 2006, 12:05 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •