M
Mark Scott
I work at a school whcih has a MIS application for use by all staff. This
MIS application has roots in DOS and has sections in Windows, SQL and .net,
basically an administrative nightmare!
I have been asked by the finance officer to restrict logons to management
stations, I acheived this by making a group and applying group policy to the
OU in question. This works a treat, or at least I thought it did.....
The MIS package needs its users to have local administrative access to the
workstations and this, again, has been implemented via group policy.
Unfortunately there is a nasty side effect - any person, even if they have
been denied local access to the workstation, can unlock a locked session and
loose unsaved work.
How can I sort this situation so that only people with the correct domain
permissions can unlock the workstation (ie, those who are denied access via
domain policy are not then allowed to unlock the station?)
Regards
Mark
MIS application has roots in DOS and has sections in Windows, SQL and .net,
basically an administrative nightmare!
I have been asked by the finance officer to restrict logons to management
stations, I acheived this by making a group and applying group policy to the
OU in question. This works a treat, or at least I thought it did.....
The MIS package needs its users to have local administrative access to the
workstations and this, again, has been implemented via group policy.
Unfortunately there is a nasty side effect - any person, even if they have
been denied local access to the workstation, can unlock a locked session and
loose unsaved work.
How can I sort this situation so that only people with the correct domain
permissions can unlock the workstation (ie, those who are denied access via
domain policy are not then allowed to unlock the station?)
Regards
Mark