+ Post New Thread
Results 1 to 8 of 8
Windows Server 2000/2003 Thread, Stop Users Logging In to Domain in Technical; Is there a way to stop users logging in to the domain. The reason for wanting this is that when ...
  1. #1
    moggy's Avatar
    Join Date
    Nov 2007
    Location
    Derbyshire
    Posts
    114
    Thank Post
    14
    Thanked 2 Times in 2 Posts
    Rep Power
    14

    Stop Users Logging In to Domain

    Is there a way to stop users logging in to the domain.

    The reason for wanting this is that when I'm rebooting I sometimes want to stop users logging on after the reboot until I'm happy that any changes I've made are OK.

    We are windows server 2003, but we will move to 2008 so will the same solution work.

  2. #2

    Join Date
    Feb 2006
    Location
    Derbyshire
    Posts
    1,381
    Thank Post
    181
    Thanked 211 Times in 171 Posts
    Rep Power
    65
    Back of server - network cable - yoink! Reboot. Test. Plug in? I prefer the low tech approaches :P

  3. #3


    Join Date
    Feb 2007
    Location
    Northamptonshire
    Posts
    4,685
    Thank Post
    352
    Thanked 794 Times in 714 Posts
    Rep Power
    346
    If you have a single DC then you could I suppose disable caching of profiles so they'd need to see the server to log in.

    Mind you, can you ensure that upon reboot any of the existing users will log out or just "wait" til it comes back?

    A bit more info would be helpful.

  4. #4

    Gatt's Avatar
    Join Date
    Jan 2006
    Posts
    6,644
    Thank Post
    858
    Thanked 645 Times in 428 Posts
    Rep Power
    498
    Create a Security group (eg G Deny Logon)
    Edit the relevant group policy (I used the Default Domain Policy ) -> Computer Configuration -> Policies* -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment

    *If using Windows 2008

    Find the "Deny Logon Locally" policy, enable it and add in your security group
    Repeat for "Deny Logon through Terminal Services" if you use Terminal Services..

    Refresh Group Policy & reboot.

    Now whenever you add a user to that group they will not be able to logon to the domain

  5. #5


    Join Date
    Feb 2007
    Location
    Northamptonshire
    Posts
    4,685
    Thank Post
    352
    Thanked 794 Times in 714 Posts
    Rep Power
    346
    But with that you're factoring in the time taken to add "Everyone" to it and for this policy to be handed down to local clients as once the server is rebooting the local client can't find the server!

  6. #6

    Gatt's Avatar
    Join Date
    Jan 2006
    Posts
    6,644
    Thank Post
    858
    Thanked 645 Times in 428 Posts
    Rep Power
    498
    Ah... classic case of not reading the OP fully first
    What about killing the netlogon service?

  7. #7

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,779
    Thank Post
    865
    Thanked 1,665 Times in 1,450 Posts
    Blog Entries
    11
    Rep Power
    442
    I have been told if you stop the netlogon service it will stop people logging on. Not tried it myself.

    Z

  8. #8
    Butuz's Avatar
    Join Date
    Feb 2007
    Location
    Wales, UK
    Posts
    1,579
    Thank Post
    211
    Thanked 220 Times in 176 Posts
    Rep Power
    62
    Wow some really imaginative and long winded ways here!

    If you go into Services and stop the "Net Logon" service on all domain controllers it will stop anyone logging on. (though it won't kick anyone off that is already logged on)

    Butuz

SHARE:
+ Post New Thread

Similar Threads

  1. [SIMS] Logging Users Off and Time Outs SIMS
    By Grommit in forum MIS Systems
    Replies: 27
    Last Post: 18th January 2012, 01:30 PM
  2. Citrix / Stop users logging on for maintenance
    By cookie_monster in forum Thin Client and Virtual Machines
    Replies: 9
    Last Post: 3rd October 2008, 09:09 PM
  3. Blocking users logging into the network on another workstati
    By faza in forum How do you do....it?
    Replies: 2
    Last Post: 20th July 2007, 07:14 AM
  4. Stop users closing bat/cmd shell at logon
    By apeo in forum How do you do....it?
    Replies: 10
    Last Post: 8th May 2007, 12:37 PM
  5. 1 Domain + 1 domain + syncronised users = possible?
    By tarquel in forum Wireless Networks
    Replies: 52
    Last Post: 30th October 2006, 02:08 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •