network user logon security

By bogunyemi ·
It seems to be an easy one, but time factor.

Anyone with an easy solution on how to prevent network users (with roaming profiles) from logging on to workstations, when they are not connected to the server?

If possible, can this be implemented from the server, and not in the local security settings of each workstation.

That's all.
More info that may/may not be relevant.

I administer a Windows 2003 client-server network. Some users are able to log to workstations with their network credentials, when the server is not available. All workstations run Windows XP Professional.

The preferred solution is that users are not able to logon, when the network/server is not available. Else, I keep getting calls "What happened to my desktop, my settings, etc?" only to discover that the workstation is not connected.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

Prevent logon to Windows domain using cached account information

by HCream In reply to network user logon securi ...

1. From the client's XP, go to Control Panel, Administrative Tools, Local Security Policy, Security Settings, Local Policies, Security Options.
2. On the right panel, locate the policy that is "Interactive logon: Number of previous logons to cache (in case domain controller is not available)"
3. Change the default value from 10 to 0.

If the domain controller is unavailable and a user is trying to logon, the user is prompted with this message:

"The system cannot log you on now because the domain <DOMAIN_NAME> is not available."

Related Discussions

Related Forums