How do you do....it? Thread, Preventing Logon when domain not available in Technical; I'm trying to sort out some issues I'm having with logons and roaming profiles.
The staff have two accounts - ...
27th November 2008, 11:40 AM #1
Preventing Logon when domain not available
I'm trying to sort out some issues I'm having with logons and roaming profiles.
The staff have two accounts - one for the school network and one for home use.
I'm trying to get them out of the idea of using their network login at home - simply because they're not at home.
I've modified the Group Policy to log off the machine if it cannot load the profile from the network. This works fine on a "clean" machine.
But if there is a cached profile already on there it logs them on.
This causes us a regular problem of calls saying "I cannot see my H drive" or "cannot see the shared areas" because they've not plugged in the network cable and got a cached login and the login scripts haven't mapped the drives.
I'm reluctant to enable the "delete cached profiles at logoff" policy setting because some staff have large profiles and won't change the way they work, despite us removing all access to My Documents.
I've also tried to implement mandatory profiles but this also didn't go down well. The problem is that the network has not been securely locked down by my predecessor and I can't get any support for them to come around to my way of thinking and the way things have been in my previous schools.
27th November 2008, 11:51 AM #2
I may have found an appropriate GP setting:
Computer Configuration - Windows Settings - Security Settings - Local Policies/User Rights Assignment - Allow log on locally
I've set this to just let Administrators log on.
EDIT: Scratch that. It didn't allow any staff to logon!
Last edited by Gibbo; 27th November 2008 at 12:00 PM.
27th November 2008, 12:59 PM #3
- Rep Power
You can try this Group Policy item
Computer Configuration-> Windows Settings -> Security settings -> Local policies -> Security Options -> Interactive Logon : Number of previous logons to cache
Set to zero and Windows won't be able to log them on if they're not connected to the network. I would assume it will let local accounts login. Best to test first!
Thanks to craiglay from:
Gibbo (27th November 2008)
27th November 2008, 03:52 PM #4
Thanks, I'll give that a bash.
Update: That seems to have done the trick. If there's no network (either wired or wireless) I just get DOMAIN NOT AVAILABLE - which is exactly what I wanted. I had this running at a previous school but it was 2003 when the policy was implemented!
Last edited by Gibbo; 27th November 2008 at 08:21 PM.
By link470 in forum Windows
Last Post: 2nd November 2009, 06:21 PM
By SimpleSi in forum Windows
Last Post: 5th May 2007, 11:27 AM
By plexer in forum Wireless Networks
Last Post: 20th October 2006, 02:55 PM
By krisd32 in forum Windows
Last Post: 20th September 2006, 03:58 PM
By raictman in forum Wireless Networks
Last Post: 6th March 2006, 01:05 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)