Solved

How do I set my XP machine to not allow the domain policy to override it?

Posted on 2007-11-29
4
228 Views
Last Modified: 2010-04-21
Someone logged onto my computer locally using the domain loggin.  I want to stop them.  Thanks.
0
Comment
Question by:Sp0cky
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 70

Expert Comment

by:KCTS
ID: 20374500
Please explain what you mean - you can't log on locally using a domain logon - they can log onto the domain FROM your computer - is that what you mean ?
0
 
LVL 19

Accepted Solution

by:
darron_chapman earned 300 total points
ID: 20374590
You have to be a local admin for this to work

Control Panel
Administrative Tools
Local Security Policy
User Rights Assignments on the left (under Local Policies)
Double Click Log on locally (on the right)
Remove Domain Admins (and anyone else, just make sure you don't remove yourself)
0
 
LVL 4

Assisted Solution

by:oldPCguy
oldPCguy earned 200 total points
ID: 20374790
You can modify the local computer policy (run c:\windows\system32\secpol.msc /s) and modify the user rights assignments. Specifically the "Deny logon locally" setting. Many system administrators leave this at the default setting when creating security policies so the locally policy will stay in effect. Make sure you are very careful as to what accounts are added here as you may lock yourself out.

** I need to stress that If this machine is at your workplace, many corporate environments prohibit modifying security policies on local machines. This would be a violatation of IT policies and may result in disciplinary action and/or termination of employment.
0
 

Author Closing Comment

by:Sp0cky
ID: 31411685
Thanks guys.  I promise not to fire myself! :)
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
Let's recap what we learned from yesterday's Skyport Systems webinar.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question