Solved

Login Script

Posted on 2002-04-24
9
213 Views
Last Modified: 2010-04-13
Is there anyway to block a login script from executing on a client machine or is the client machine at the mercy of the domain? Our networks admins set up shares on our local drives giving domain admins full control over our machines.  I hate to have to keep stopping the shares after every boot.

Thnx
-Tmess
0
Comment
Question by:Tmess
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +2
9 Comments
 
LVL 63

Expert Comment

by:SysExpert
ID: 6966911
That's what a Domain is intended to do, centrally manage the client machines.

If you are unhappy with the way it is done, speak with your SysAdmin, and ask him to set up a seperate login script for you.

I hope this helps !

0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 6966941
I don't know if this is what you are after or not. On the clients machine it is in the Group Policy (gpedit.msc) under Compurer Configuration > Administrative Templates > Network > Network and Dialup = Prohibit configuration of connection sharing.

QUOTE

"Determines whether administrators can enable, disable, and configure the Connection Sharing feature of LAN or RAS connections.

If you enable this policy, the system removes the Sharing tab from the Properties dialog box for a LAN or RAS connection. On Windows 2000 Server, it also removes the Internet Connection Sharing page from the Network Connection wizard.

If you disable this policy, the Sharing tab and Internet Connection Sharing wizard page are displayed.

Connection Sharing lets users configure their system as an Internet gateway for a small network. It provides network services, such as name resolution, to the network.

By default, Connection Sharing is disabled when you create a dial-up connection, but administrators can use the Sharing tab and Internet Connection Sharing wizard page to enable it.

Note: This policy appears in the Computer Configuration and User Configuration folders. If both policies are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.

Note: LAN Connection Sharing is only available when two or more network interfaces are present.

Note: Non-administrators are already prohibited from configuring Connection Sharing regardless of this policy."

UNQUOTE
--------------------

Also look under  Compurer Configuration > Administrative Templates > Sytem > Logon and Compurer Configuration > Administrative Templates > Sytem > Group Polciy = Scripts policy processing

Also this might help  User Configuration > Administrative Templates > Sytem > Logon/Logoff = Run logon scripts visible.


The Crazy One
0
 
LVL 6

Author Comment

by:Tmess
ID: 6966955
I appreciate your answer Sysexpert however there are other issues at hand. We are all required to purchase our own laptops and therefore I own my laptop not the company.

I have no problem with the domain admins managing my network access however, I do not like the fact that they have full local admin privaledges to my computer.

Crazy One - I will review your comment. Thnx

-Tmess
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 16

Expert Comment

by:GUEEN
ID: 6967043
If you bought and paid for this computer there should be some loophole somewhere as to not allowing domain admins local access - that is unless there is compnay-sensitive information on your local HDD? If there isn't (and it is on a network share) - why do they even need local access to your machine?
You are the one who sets up the local shares on your XP machine.
Too see what they can see on your local HDD just open a DOS prompt and  type   net share
it should show you what you have shared on your local HDD.
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 6967531
Your other option is to login into a workgroup rather than a Domain.This will allow you more control of what happens.

Please make sure that you are backed up and have an ERD floppy.

Change the login to Workgroup and use the Domain name as the workgroup name.

I hope this helps !
0
 
LVL 16

Expert Comment

by:GUEEN
ID: 6967554
Sysexpert that is very silly - how will Tmess be able to logon to network shares at work if the domain is changed to a workgroup?  Tmess will not be able to access any network resources aside from what is located on the HDD of the laptop.  
0
 
LVL 3

Accepted Solution

by:
Corvax021899 earned 200 total points
ID: 6969915
Did you try to disable the Server Service...If you don't want to share anything, then disable the service and they will not be able to access any shares... the only way they would have is to restart the service :-)
0
 
LVL 6

Author Comment

by:Tmess
ID: 6970072
Thnx to all but Corvax is the one I'm going with - quick and dirty but it does the trick. Thnx
0
 
LVL 16

Expert Comment

by:GUEEN
ID: 6970117
Very well done corvax :)
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Direct mail marketing is the act of mailing materials straight to prospective customers. This wide form of marketing is one of the oldest methods of communicating with a geographic based demographic. So is it useful in 2017 and beyond?
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question