Solved

Disable Cross-Domain Logins

Posted on 2007-04-02
2
197 Views
Last Modified: 2010-04-18
The organization has one parent domain and three child domains.
In these domains, there are a few location specific "generic" logins for multiple users to share.
How do I disable logins between child domains on a specific set of computers. For example: If Computer1 is joined to child DomainA... how do I disable users on a Computer2 in child DomainB from logging in using credentials in DomainA? Basically, I don't want them to be able to hit the drop-down box and choose a domain other than the one the PC is joined to.

Thanks,
0
Comment
Question by:sometechguy
2 Comments
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 500 total points
ID: 18839017
You cannot remove a partial list of trusted domains from the drop-down box. If you wanted to pursue this option, you would need to make a Registry change on your clients that would disable the drop-down entirely; your users would need to log in by entering "Domain\Username" or "user@domain.com" in the username field.

A better choice in my opinion would be to confgure the "Logon Locally" user right within Group Policy to control who can log in where.  So you might configure a GPO for workstations in DomainA so that only DomainA\Domain Users have the logon locally right, and similarly for your other domains.

Hope this helps.

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
0
 

Author Comment

by:sometechguy
ID: 18839072
Of Course! Why didn't I think of that! Thank you very much.
0

Featured Post

Backup Solution for AWS

Read about how CloudBerry Backup fully integrates your backups with Amazon S3 and Amazon Glacier to provide military-grade encryption and dramatically cut storage costs on any platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question