F
Fraser Dickson
Have you tried to enable to the "Always wait for network
at computer startup and logon".
You can access it under Local Computer Policy - Admin
Templates - System - Logon
By default, Windows XP does not wait for the network to
be fully initialized at startup and logon. Existing users
are logged on using cached credentials, which results in
shorter logon times. Group Policy is applied in the
background once the network becomes available.
Regards,
Fraser - MCP
computer. However, if the user unplugs the network cable
the system lets them in after a couple of error messages
about roaming profiles. Once the logon procedure is
complete the users can do almost anything they want to
the local machine... remove software change administrator
accounts etc.
but it is being ignored.
network cable is unplugged or not.
are forced to authenticate through the network and hence
the GPO restrictions will be in place. Can this be done?
at computer startup and logon".
You can access it under Local Computer Policy - Admin
Templates - System - Logon
By default, Windows XP does not wait for the network to
be fully initialized at startup and logon. Existing users
are logged on using cached credentials, which results in
shorter logon times. Group Policy is applied in the
background once the network becomes available.
Regards,
Fraser - MCP
force which prevent access to certain portions of the-----Original Message-----
Does anyone know of a way of preventing local logon to a machine? Here is the scenario.
The computers are networked and GPO policies are in
computer. However, if the user unplugs the network cable
the system lets them in after a couple of error messages
about roaming profiles. Once the logon procedure is
complete the users can do almost anything they want to
the local machine... remove software change administrator
accounts etc.
roaming profile fails" as I thought this was the problemI have edited the local policy to "Log off user if
but it is being ignored.
groups I denied cannot logon interactively whether theI also tried "Deny logon locally" but then the domain
network cable is unplugged or not.
user when the network cable is unplugged. So that theyWhat I want to achieve is to deny local logon to any
are forced to authenticate through the network and hence
the GPO restrictions will be in place. Can this be done?