G
Guest
Windows 2000 server with Active Directory, WIndows XP workstations with SP2.
Polices are not applied to the workstations if the Active Directory User
does not have an account on the local machine. The user can log into active
directory, has the correct rights on the server, gets his correct profile,
but restrictions put in place in Group Policies are not applied. The user
therefore can access the C: drive of his local computer and do all kinds of
damaging stuff. (this is in a school type environment)
If I add an account to the local machine for the Active Directory User
(user.activedirectory) the policy is applied. Must I manually add all of our
users to all of the machines in order to prevent them from accessing the
local computer and messing them up?
As a seperate issue, is there a way to force users to log into Active
Directory at startup and not give them the choice of logging into the local
machine?
Thanks,
Tim Sanders, BSEET, CNE
Polices are not applied to the workstations if the Active Directory User
does not have an account on the local machine. The user can log into active
directory, has the correct rights on the server, gets his correct profile,
but restrictions put in place in Group Policies are not applied. The user
therefore can access the C: drive of his local computer and do all kinds of
damaging stuff. (this is in a school type environment)
If I add an account to the local machine for the Active Directory User
(user.activedirectory) the policy is applied. Must I manually add all of our
users to all of the machines in order to prevent them from accessing the
local computer and messing them up?
As a seperate issue, is there a way to force users to log into Active
Directory at startup and not give them the choice of logging into the local
machine?
Thanks,
Tim Sanders, BSEET, CNE