How do I set my XP machine to not allow the domain policy to override it?

Posted on 2007-11-29
Medium Priority
Last Modified: 2010-04-21
Someone logged onto my computer locally using the domain loggin.  I want to stop them.  Thanks.
Question by:Sp0cky
LVL 70

Expert Comment

ID: 20374500
Please explain what you mean - you can't log on locally using a domain logon - they can log onto the domain FROM your computer - is that what you mean ?
LVL 19

Accepted Solution

darron_chapman earned 1200 total points
ID: 20374590
You have to be a local admin for this to work

Control Panel
Administrative Tools
Local Security Policy
User Rights Assignments on the left (under Local Policies)
Double Click Log on locally (on the right)
Remove Domain Admins (and anyone else, just make sure you don't remove yourself)

Assisted Solution

oldPCguy earned 800 total points
ID: 20374790
You can modify the local computer policy (run c:\windows\system32\secpol.msc /s) and modify the user rights assignments. Specifically the "Deny logon locally" setting. Many system administrators leave this at the default setting when creating security policies so the locally policy will stay in effect. Make sure you are very careful as to what accounts are added here as you may lock yourself out.

** I need to stress that If this machine is at your workplace, many corporate environments prohibit modifying security policies on local machines. This would be a violatation of IT policies and may result in disciplinary action and/or termination of employment.

Author Closing Comment

ID: 31411685
Thanks guys.  I promise not to fire myself! :)

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

The article covers five tools all IT professionals should know about, as they up productivity by a great deal!
Native ability to set a user account password via AD GPO was removed because the passwords can be easily decrypted by any authenticated user in the domain. Microsoft recommends LAPS as a replacement and I have written an article that does something …
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

597 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question