Solved

Disable Cross-Domain Logins

Posted on 2007-04-02
2
198 Views
Last Modified: 2010-04-18
The organization has one parent domain and three child domains.
In these domains, there are a few location specific "generic" logins for multiple users to share.
How do I disable logins between child domains on a specific set of computers. For example: If Computer1 is joined to child DomainA... how do I disable users on a Computer2 in child DomainB from logging in using credentials in DomainA? Basically, I don't want them to be able to hit the drop-down box and choose a domain other than the one the PC is joined to.

Thanks,
0
Comment
Question by:sometechguy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 500 total points
ID: 18839017
You cannot remove a partial list of trusted domains from the drop-down box. If you wanted to pursue this option, you would need to make a Registry change on your clients that would disable the drop-down entirely; your users would need to log in by entering "Domain\Username" or "user@domain.com" in the username field.

A better choice in my opinion would be to confgure the "Logon Locally" user right within Group Policy to control who can log in where.  So you might configure a GPO for workstations in DomainA so that only DomainA\Domain Users have the logon locally right, and similarly for your other domains.

Hope this helps.

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
0
 

Author Comment

by:sometechguy
ID: 18839072
Of Course! Why didn't I think of that! Thank you very much.
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
This article explains the steps required to use the default Photos screensaver to display branding/corporate images
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question