Solved

Login Script

Posted on 2002-04-24
9
210 Views
Last Modified: 2010-04-13
Is there anyway to block a login script from executing on a client machine or is the client machine at the mercy of the domain? Our networks admins set up shares on our local drives giving domain admins full control over our machines.  I hate to have to keep stopping the shares after every boot.

Thnx
-Tmess
0
Comment
Question by:Tmess
  • 3
  • 2
  • 2
  • +2
9 Comments
 
LVL 63

Expert Comment

by:SysExpert
ID: 6966911
That's what a Domain is intended to do, centrally manage the client machines.

If you are unhappy with the way it is done, speak with your SysAdmin, and ask him to set up a seperate login script for you.

I hope this helps !

0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 6966941
I don't know if this is what you are after or not. On the clients machine it is in the Group Policy (gpedit.msc) under Compurer Configuration > Administrative Templates > Network > Network and Dialup = Prohibit configuration of connection sharing.

QUOTE

"Determines whether administrators can enable, disable, and configure the Connection Sharing feature of LAN or RAS connections.

If you enable this policy, the system removes the Sharing tab from the Properties dialog box for a LAN or RAS connection. On Windows 2000 Server, it also removes the Internet Connection Sharing page from the Network Connection wizard.

If you disable this policy, the Sharing tab and Internet Connection Sharing wizard page are displayed.

Connection Sharing lets users configure their system as an Internet gateway for a small network. It provides network services, such as name resolution, to the network.

By default, Connection Sharing is disabled when you create a dial-up connection, but administrators can use the Sharing tab and Internet Connection Sharing wizard page to enable it.

Note: This policy appears in the Computer Configuration and User Configuration folders. If both policies are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.

Note: LAN Connection Sharing is only available when two or more network interfaces are present.

Note: Non-administrators are already prohibited from configuring Connection Sharing regardless of this policy."

UNQUOTE
--------------------

Also look under  Compurer Configuration > Administrative Templates > Sytem > Logon and Compurer Configuration > Administrative Templates > Sytem > Group Polciy = Scripts policy processing

Also this might help  User Configuration > Administrative Templates > Sytem > Logon/Logoff = Run logon scripts visible.


The Crazy One
0
 
LVL 6

Author Comment

by:Tmess
ID: 6966955
I appreciate your answer Sysexpert however there are other issues at hand. We are all required to purchase our own laptops and therefore I own my laptop not the company.

I have no problem with the domain admins managing my network access however, I do not like the fact that they have full local admin privaledges to my computer.

Crazy One - I will review your comment. Thnx

-Tmess
0
 
LVL 16

Expert Comment

by:GUEEN
ID: 6967043
If you bought and paid for this computer there should be some loophole somewhere as to not allowing domain admins local access - that is unless there is compnay-sensitive information on your local HDD? If there isn't (and it is on a network share) - why do they even need local access to your machine?
You are the one who sets up the local shares on your XP machine.
Too see what they can see on your local HDD just open a DOS prompt and  type   net share
it should show you what you have shared on your local HDD.
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 63

Expert Comment

by:SysExpert
ID: 6967531
Your other option is to login into a workgroup rather than a Domain.This will allow you more control of what happens.

Please make sure that you are backed up and have an ERD floppy.

Change the login to Workgroup and use the Domain name as the workgroup name.

I hope this helps !
0
 
LVL 16

Expert Comment

by:GUEEN
ID: 6967554
Sysexpert that is very silly - how will Tmess be able to logon to network shares at work if the domain is changed to a workgroup?  Tmess will not be able to access any network resources aside from what is located on the HDD of the laptop.  
0
 
LVL 3

Accepted Solution

by:
Corvax021899 earned 200 total points
ID: 6969915
Did you try to disable the Server Service...If you don't want to share anything, then disable the service and they will not be able to access any shares... the only way they would have is to restart the service :-)
0
 
LVL 6

Author Comment

by:Tmess
ID: 6970072
Thnx to all but Corvax is the one I'm going with - quick and dirty but it does the trick. Thnx
0
 
LVL 16

Expert Comment

by:GUEEN
ID: 6970117
Very well done corvax :)
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Owning a franchise can be the dream of a lifetime. It provides a chance for economic growth. You can be as successful as you want.  To make your franchise successful, you need to market it successfully. Here are six of the best marketing strategies …
This tutorial demonstrates a quick way of adding group price to multiple Magento products.
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now