Is it possible to stop users logging onto the domain controller?
Please do not mention 'Deny log-on locally' I'm talkiing about users who accidently might put in their user name and password into RDC. Let's say I've just been on their machine using RDC. The next time they use RDC to connect to a remote server, they just hit connect, understandably, and do not notice the address field now points to our DC rather than the remote machine.
On the domain controller, 'Deny local log-on' only applies to users attempting to physically log-on the server; I think.
I just do not want accounts created on the domain controller except mine and admin.
Is this possible?
Is there a GPO setting that can stop this?