Solved

How do I set my XP machine to not allow the domain policy to override it?

Posted on 2007-11-29
4
221 Views
Last Modified: 2010-04-21
Someone logged onto my computer locally using the domain loggin.  I want to stop them.  Thanks.
0
Comment
Question by:Sp0cky
4 Comments
 
LVL 70

Expert Comment

by:KCTS
ID: 20374500
Please explain what you mean - you can't log on locally using a domain logon - they can log onto the domain FROM your computer - is that what you mean ?
0
 
LVL 19

Accepted Solution

by:
darron_chapman earned 300 total points
ID: 20374590
You have to be a local admin for this to work

Control Panel
Administrative Tools
Local Security Policy
User Rights Assignments on the left (under Local Policies)
Double Click Log on locally (on the right)
Remove Domain Admins (and anyone else, just make sure you don't remove yourself)
0
 
LVL 4

Assisted Solution

by:oldPCguy
oldPCguy earned 200 total points
ID: 20374790
You can modify the local computer policy (run c:\windows\system32\secpol.msc /s) and modify the user rights assignments. Specifically the "Deny logon locally" setting. Many system administrators leave this at the default setting when creating security policies so the locally policy will stay in effect. Make sure you are very careful as to what accounts are added here as you may lock yourself out.

** I need to stress that If this machine is at your workplace, many corporate environments prohibit modifying security policies on local machines. This would be a violatation of IT policies and may result in disciplinary action and/or termination of employment.
0
 

Author Closing Comment

by:Sp0cky
ID: 31411685
Thanks guys.  I promise not to fire myself! :)
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now