<div>
isnt there a setting on the DC itsself to only allow admins to log on?
</div>


isnt there a setting on the DC itsself to only allow admins to log on?

<div>
Active directory should not allow anyone other than a domain admin, server admin, account operator, etc... To log in.<br />

</div>


Active directory should not allow anyone other than a domain admin, server admin, account operator, etc... To log in.


<div>
Thanks Firebar,<br />
Had a look at the setting, and it is not configured, therefore admin only.<br />
What I don't understand is why under Documentss and settings on the server, the DC, was one of my users!!!!<br />
Got her to try again and she is locked out.<br />
Cheers
</div>


Thanks Firebar,
Had a look at the setting, and it is not configured, therefore admin only.
What I don't understand is why under Documentss and settings on the server, the DC, was one of my users!!!!
Got her to try again and she is locked out.
Cheers

<div>
<div class="content wysiwyg-content">
Is it possible to stop users logging onto the domain controller?<br />
Please do not mention 'Deny log-on locally' I'm talkiing about users who accidently might put in their user name and password into RDC. Let's say I've just been on their machine using RDC. The next time they use RDC to connect to a remote server, they just hit connect, understandably, and do not notice the address field now points to our DC rather than the remote machine.<br />
On the domain controller, 'Deny local log-on' only applies to users attempting &nbsp;to physically log-on the server; I think.<br />
I just do not want accounts created on the domain controller except mine and admin.<br />
Is this possible?<br />
Is there a GPO setting that can stop this?<br />
Cheers
</div>
</div>


Is it possible to stop users logging onto the domain controller?
Please do not mention 'Deny log-on locally' I'm talkiing about users who accidently might put in their user name and password into RDC. Let's say I've just been on their machine using RDC. The next time they use RDC to connect to a remote server, they just hit connect, understandably, and do not notice the address field now points to our DC rather than the remote machine.
On the domain controller, 'Deny local log-on' only applies to users attempting  to physically log-on the server; I think.
I just do not want accounts created on the domain controller except mine and admin.
Is this possible?
Is there a GPO setting that can stop this?
Cheers

How to stop users logging onto DC

Windows Server 2003 was based on Windows XP and was released in four editions: Web, Standard, Enterprise and Datacenter. It also had derivative versions for clusters, storage and Microsoft’s Small Business Server. Important upgrades included integrating Internet Information Services (IIS), improvements to Active Directory (AD) and Group Policy (GP), and the migration to Automated System Recovery (ASR).