Question about Network Software & Management Tools
Good morning Dear,
Thanks for attempting my problems. I think I had not made my point clear.
I am working for the company where there are 41 computers connected in a network
Server (Windows server Standard 2003 R2 English installed)
Client (XP installed)
I want to stop misused of client machine after working hours. For which I have followed the following process.
I have created 40 different users and are restricted for specific IP address so that only single user can login onto that particular machine. Password used while logging onto Domain for all 40 users are the same and known by everybody while password used for logging onto that machine is different and known by me only.
My server is ON only for working hours (9.00am to 7.00pm) and rest of the time it is off.
Also the client machine gets logoff automatically after 7.00pm if they are ON this setting is done on the server (I have restricted the time and Sunday i.e. logging is possible on Monday to Saturday from 9.00am to 7.00pm). Now I want to stop the client starting their machine after working hours when server is off.
Now if server / network switch is off or network wire is removed from that client machine then that machine can login to domain using user name and password given for then.
I want to have settings on client machine so that client machine is not able to login to domain when server / network is off.
I hope I have made my statement clear
Pls help waiting for the reply
Thanks for the background info, this makes it easier for me to see what you need.
You need to disable your guest account if you havnt already done so.
The user is logging on with a cached version of the logon information, this is useful for when the server goes down but not in your case as you need to prevent this.
Another worrying aspect is that you allow all your users to log on using the same password. Very bad from a security aspect anyhow. It is better to change at least every 30 days. If they moan they will get used to it soon enough.
Go into group policy again and computer configuration>windows settings>security settings>local policies>security options and look for interactive logon:number of previous logons to cache - set this to 0. If the domain controller is not available and the logon info is not cached they cannot logon to domain.
Group policy can be overruled at the client end if they have admin priviledges so you may have to set this on the client pc also. But you need to test to see if it is required there. I have not used that particular policy but it should be ok just on the server. Your users dont have admin rights do they? Anyway good luck. You can set this by applying it to an OU or domain wide but if you want to target just this one pc then maybe if you put it in its own ou and apply it just there.
You need to create new policies rather than modifying the domain one and keep each policy for specific purposes so that applying them to ou's is easier, ie internet options policy, firewall policy, working hours policy etc.
Posted on Mar 27, 2008
Tips for a great answer:
Nov 26, 2013 | OneRoof CyberCafePro Main Control Station
Mar 01, 2012 | Ates Software HandyCafe
Mar 23, 2010 | UltraBac Software Remote/Local Server...
Jan 06, 2010 | Computer Associates Full Version ...
Mar 30, 2009 | Juniper Networks Remote VPN Client 8.0...
Dec 11, 2007 | Microsoft ISA Server 2004 (e84-00526) for...
Sep 09, 2007 | Novell Nsure Audit 1.0 Secure Logging...
363 people viewed this question
Usually answered in minutes!