Re: User Login

The accounts are currently disabled, but they will be enabled when they link
it to the Email system. So, the purpose of these accounts that are enabled is
for email login only (As, I said earlier, we are not using Exchange) and it
is using its own ldap to sync with AD and the accounts.

Hope this helps!

"Meinolf Weber" wrote:

Hello Neil,

See inline.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

We have several inactive accounts, and these users use their
departmental login to logon to the domain.

Are the accounts disabled or in use? This statement is not clear for me.

We plan to activate these
accounts for them to logon to their email (not exchange). So, if we
activate their accounts, they will be able to logon to any computers
which we do not want to and we would like to restrict these group of
users not to logon with their own credentials to the domain or to the
local computer.

If you not allow them to logon to the domain, they can not reach the mail
server of the domain.

Instead only use this for email login purpose. I hope
I am clear in this.

thanks again for you earlier response.

"Meinolf Weber" wrote:

Hello Neil,

If i got you correct, they should only be aible to logon to the
domain and not to the local machine without the domain? Create and
link a GPO to the OU, move the computers there and set:

Computer configuration, windows settings, security settings, local
policies, security options, in the right pane choose "Interactive
logon: Number of previous logons to cache" and set it to "0", so it
is disabled.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
I am looking to add a set off users in AD to a separate group and
want to restrict these users not to logon to computers since they
logon with departmental login credentials. How can I go about doing
it.

thanks in advance!




.

Relevant Pages

  • Re: Domain Password Security
    ... accounts need to use complex passwords and minimum of ntlmv2 should be used for lan ... Services Client and configuring authentication level on Domain Controller Security ... controllers if you have all W2K/XP computers. ... I also recommend you enable auditing of account logon and logon ...
    (microsoft.public.win2000.security)
  • Re: Domain Password Security
    ... Domain Controller Security ... >controllers if you have all W2K/XP computers. ... >administrator accounts only when needed to, ... account logon and logon ...
    (microsoft.public.win2000.security)
  • RE: Server 2000 - 2003 Migration
    ... And if you have not so much users password reset after creating the accounts will be easier and faster then using ADMT. ... "Meinolf Weber" wrote: ... passwords and they get new profiles on the computers where they work. ...
    (microsoft.public.windows.server.migration)
  • Re: User Login
    ... filtering so that only this group gets the deny logon locally privilegs. ... the domain group called Domain Users is a member of the local ... put those user accounts into domain group and apply a GPO to the OU ... "Meinolf Weber" wrote: ...
    (microsoft.public.windows.server.active_directory)
  • Re: OWA 2003 is only accessable during workingdays
    ... Is it the same when you log in from a client on the network? ... thinking of AD Users and Computers, Properties, Accounts, Logon Hours. ...
    (microsoft.public.exchange.misc)