Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 218
  • Last Modified:

Login Script

Is there anyway to block a login script from executing on a client machine or is the client machine at the mercy of the domain? Our networks admins set up shares on our local drives giving domain admins full control over our machines.  I hate to have to keep stopping the shares after every boot.

Thnx
-Tmess
0
Tmess
Asked:
Tmess
  • 3
  • 2
  • 2
  • +2
1 Solution
 
SysExpertCommented:
That's what a Domain is intended to do, centrally manage the client machines.

If you are unhappy with the way it is done, speak with your SysAdmin, and ask him to set up a seperate login script for you.

I hope this helps !

0
 
CrazyOneCommented:
I don't know if this is what you are after or not. On the clients machine it is in the Group Policy (gpedit.msc) under Compurer Configuration > Administrative Templates > Network > Network and Dialup = Prohibit configuration of connection sharing.

QUOTE

"Determines whether administrators can enable, disable, and configure the Connection Sharing feature of LAN or RAS connections.

If you enable this policy, the system removes the Sharing tab from the Properties dialog box for a LAN or RAS connection. On Windows 2000 Server, it also removes the Internet Connection Sharing page from the Network Connection wizard.

If you disable this policy, the Sharing tab and Internet Connection Sharing wizard page are displayed.

Connection Sharing lets users configure their system as an Internet gateway for a small network. It provides network services, such as name resolution, to the network.

By default, Connection Sharing is disabled when you create a dial-up connection, but administrators can use the Sharing tab and Internet Connection Sharing wizard page to enable it.

Note: This policy appears in the Computer Configuration and User Configuration folders. If both policies are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.

Note: LAN Connection Sharing is only available when two or more network interfaces are present.

Note: Non-administrators are already prohibited from configuring Connection Sharing regardless of this policy."

UNQUOTE
--------------------

Also look under  Compurer Configuration > Administrative Templates > Sytem > Logon and Compurer Configuration > Administrative Templates > Sytem > Group Polciy = Scripts policy processing

Also this might help  User Configuration > Administrative Templates > Sytem > Logon/Logoff = Run logon scripts visible.


The Crazy One
0
 
TmessAuthor Commented:
I appreciate your answer Sysexpert however there are other issues at hand. We are all required to purchase our own laptops and therefore I own my laptop not the company.

I have no problem with the domain admins managing my network access however, I do not like the fact that they have full local admin privaledges to my computer.

Crazy One - I will review your comment. Thnx

-Tmess
0
New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

 
GUEENCommented:
If you bought and paid for this computer there should be some loophole somewhere as to not allowing domain admins local access - that is unless there is compnay-sensitive information on your local HDD? If there isn't (and it is on a network share) - why do they even need local access to your machine?
You are the one who sets up the local shares on your XP machine.
Too see what they can see on your local HDD just open a DOS prompt and  type   net share
it should show you what you have shared on your local HDD.
0
 
SysExpertCommented:
Your other option is to login into a workgroup rather than a Domain.This will allow you more control of what happens.

Please make sure that you are backed up and have an ERD floppy.

Change the login to Workgroup and use the Domain name as the workgroup name.

I hope this helps !
0
 
GUEENCommented:
Sysexpert that is very silly - how will Tmess be able to logon to network shares at work if the domain is changed to a workgroup?  Tmess will not be able to access any network resources aside from what is located on the HDD of the laptop.  
0
 
Corvax021899Commented:
Did you try to disable the Server Service...If you don't want to share anything, then disable the service and they will not be able to access any shares... the only way they would have is to restart the service :-)
0
 
TmessAuthor Commented:
Thnx to all but Corvax is the one I'm going with - quick and dirty but it does the trick. Thnx
0
 
GUEENCommented:
Very well done corvax :)
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

  • 3
  • 2
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now