Is there a way to stop users logging in to the domain.
The reason for wanting this is that when I'm rebooting I sometimes want to stop users logging on after the reboot until I'm happy that any changes I've made are OK.
We are windows server 2003, but we will move to 2008 so will the same solution work.
Back of server - network cable - yoink! Reboot. Test. Plug in?I prefer the low tech approaches :P
If you have a single DC then you could I suppose disable caching of profiles so they'd need to see the server to log in.
Mind you, can you ensure that upon reboot any of the existing users will log out or just "wait" til it comes back?
A bit more info would be helpful.
Create a Security group (eg G Deny Logon)
Edit the relevant group policy (I used the Default Domain Policy ) -> Computer Configuration -> Policies* -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment
*If using Windows 2008
Find the "Deny Logon Locally" policy, enable it and add in your security group
Repeat for "Deny Logon through Terminal Services" if you use Terminal Services..
Refresh Group Policy & reboot.
Now whenever you add a user to that group they will not be able to logon to the domain
But with that you're factoring in the time taken to add "Everyone" to it and for this policy to be handed down to local clients as once the server is rebooting the local client can't find the server!
Ah... classic case of not reading the OP fully first
What about killing the netlogon service?
I have been told if you stop the netlogon service it will stop people logging on. Not tried it myself.
Z
Wow some really imaginative and long winded ways here!
If you go into Services and stop the "Net Logon" service on all domain controllers it will stop anyone logging on. (though it won't kick anyone off that is already logged on)
Butuz
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote