Can I prevent a Domain Controller accepting logon requests?

[Guest]

We have two Domain controllers. Fine

One, however, is misbehaving (for reasons I won’t go into here) and I should like to prevent it accepting logon requests from domain users trying to authenticate (logon)

I could demote it by running DCPROMO, but it is also acting as a DNS server, integrated with AD, so if I remove AD I lose the DNS service too – and we have many machines which are statically set (I know I should have used DHCP!) to refer to this DNS server

So I want to keep DNS going, but not allow it to accept logon authentications

Is there a magic switch, or Policy option, to say ‘do not allow this server to accept logon requests??

Bo

 

[Richard McCall [MSFT]]

Try stopping the netlogon service.

--
Richard McCall [MSFT]

"This posting is provided "AS IS" with no warranties, and confers no
rights."

We have two Domain controllers. Fine.

One, however, is misbehaving (for reasons I won't go into here) and I

should like to prevent it accepting logon requests from domain users trying
to authenticate (logon).

I could demote it by running DCPROMO, but it is also acting as a DNS

server, integrated with AD, so if I remove AD I lose the DNS service too -
and we have many machines which are statically set (I know I should have
used DHCP!) to refer to this DNS server.

So I want to keep DNS going, but not allow it to accept logon authentications.

Is there a magic switch, or Policy option, to say 'do not allow this

server to accept logon requests???