deny logon locally

[T.B.]

This is a re-run: My computer is part of a domain and any
authenticated user can log on to it, which I found
unacceptable. In the local security settings - 'user
rights assignment - log on locally' are mentioned the
admins and the authenticated users. I can't change that
because it's a domain policy. How can I deny anyone's
login (except for local admins), bypassing though our
(stupid) domain settings ?

 

[Mike Brannigan [MSFT]]

T.B.

The point of being in a Domain is that only authenticated users can do this
and access resources that they are given permission to.
If your PC is ruining NTFS as its file system then any normal Domain User
logging on at that machine will not be able to access any of your data or do
anything to that PC (such reconfigure it).
If you do not wish your machine to be part of the Domain then remove it.
The fact that your Domain policy is setting certain things means that
someone else knows what should or should not be allowed to be done with that
PC.
I would seek advice from them - if you believe your PC is "yours" alone and
no one but you should be able to logon at it. That may not sit within your
company policy for machine usage.
--
Regards,

Mike
--
Mike Brannigan [Microsoft]

This posting is provided "AS IS" with no warranties, and confers no
rights

Please note I cannot respond to e-mailed questions, please use these
newsgroups