How can I prevent someone from logging into the local machine (as opposed to the domain)

Posted on 2005-05-06
Last Modified: 2013-12-04
I've got a user that is getting around the policies that are in effect here by logging into the local pc and not our domain. He is thus able to "detect internet connection automatically" and connect straight through our router instead of the web proxy that's in place.
Question by:dwielgosz
    LVL 57

    Expert Comment

    by:Pete Long
    only allow out the IP address of the web Proxy on either the firewall of the router on TCP Port 80

    Author Comment

    Don't want to totally restrict flow to 1 IP because there are several PCs in my server room that don't like having to go through the web proxy.
    LVL 57

    Expert Comment

    by:Pete Long
    or on the client PC (or through domain policy if this is rife on your network)
    Start > run > Gpedit.msc
    Computer Configuration branch to expand it, and then double-click the Windows Setting branch to expand it.
    Double-click the Security Settings branch to expand it, and then double-click the Local Policies branch to expand it.
    Double-click the User Rights Assignment branch to expand it, double-click the Log On Locally branch to expand it,

    Add in Domain users, and remove all the local groups except Administrators

    job done :)

    Author Comment

    Sounds good except the login that's being used is the local administrator account. Is there a way on the network to set the admin p/w on a local machine? I suppose I could restrict that machine to a static IP and then exclude that address on the cisco router. hahaha another learning curve.
    LVL 10

    Assisted Solution

    login as a Domain Admin and change the admin password, so how he cannot bypass domain security, or disable the account completely.
    LVL 38

    Accepted Solution

    You cannot disable the local admin account. You can however change the password with ease, right-click my computer, go to manage, then right-click "Computer managment (local)" and select "connect to another computer..." typo in the ip or the machine name, then reset the local admin pass, and any others also, he could be using the guest account if it's enabled, the guest account by default has no pass, but is disabled by default. If he's created other accounts, disable them, and reset their pass's.

    Author Comment

    Yes, thank you both. I should have thought of that myself.  I did not want to physically go into that office and change it, I had forgotten about the remote login through "manage". Thought splitting the points was the best solution. The password has been changed already.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    What Should I Do With This Threat Intelligence?

    Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

    Suggested Solutions

    In a recent article here at Experts Exchange (, I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
    Article by: btan
    The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…
    Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    10 Experts available now in Live!

    Get 1:1 Help Now