Re: Users remove network cable to avoid Group Policy
From: Stew Basterash (stewartbash_at_hotmail.com)
Date: 04/01/04
- Next message: Stew Basterash: "Re: Managing User Profiles With Group Policies"
- Previous message: Dan: "Re: Deploying Office"
- In reply to: Ryan Grainger: "Users remove network cable to avoid Group Policy"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 1 Apr 2004 15:09:31 -0600
If you understand that logon without a doman controller can only be
accomplished with administrators and previously logged on users. If a user
has logged on, his credentials are stored and authenticated by the Local
Security Authority... To stop this you can set AD so that windows does not
store the profiles... by default I think it stores 10 (meaning it will store
the last 10 users logged in)... You can set this to "0"... Secondly, I would
set up a very restrictive local policy... basically without the domain
controller you can do nothing...
See this link: http://www.jsiinc.com/SUBA/tip0300/rh0368.htm
"Ryan Grainger" <ryan.grainger@zurich.com.au> wrote in message
news:13e0601c417b3$c4c5aad0$a601280a@phx.gbl...
> Hi all,
>
> I work in a K-12 educational setting.
>
> Our smarter students have realised they can stop group
> policy (or some of it...) applying by removing the network
> cable just after authenticating with the DCs. they then
> replace the cable after successful login.
> This means they can access the C:\ drive (currently
> blocked by group policy) etc.
>
> Is there any way we can, say, halt logon if network not
> detected, or something along those lines?
>
> any strategy to tackle this problem would be appreciated.
>
> Thanks for your time
>
> Ryan Grainger
> Sydney, Australia
- Next message: Stew Basterash: "Re: Managing User Profiles With Group Policies"
- Previous message: Dan: "Re: Deploying Office"
- In reply to: Ryan Grainger: "Users remove network cable to avoid Group Policy"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
