[Dshield] Force Remote Windows User Lock-Out/Disable
BGaudreault Brian
BGaudreault at edrnet.com
Wed Feb 20 14:17:32 GMT 2008
The reason I said I didn't want a user logging on to another account on
the computer is because they are the only person that uses the computer
(at least they are the only person "approved" to use that computer). I
want to prevent all accounts from accessing the computer after a certain
time, which will ensure no one gains access to the computer until Admins
can disable the feature so they can logon.
-----Original Message-----
From: Valdis.Kletnieks at vt.edu [mailto:Valdis.Kletnieks at vt.edu]
Sent: Tuesday, February 19, 2008 11:51 PM
To: General DShield Discussion List
Subject: Re: [Dshield] Force Remote Windows User Lock-Out/Disable
On Fri, 15 Feb 2008 17:54:25 EST, BGaudreault Brian said:
> Ideally the technique should work when they aren't connected to the
> corporate network and it would have the immediate effect of preventing
> the person from interacting with a logged-in session. The computer
does
> not need to be turned off or rebooted, but the person should not be
able
> to logon again using a local account or cached account.
Umm.. hang on.. you want "If we log him off of his AD account, he can't
logon again to *a different (local) account*?"
How do you distinguish between that, and some other user logging onto a
local account after you force the user off? Or do you have some scheme
that
links local and domain accounts, so you can tell what domain account a
local
account is related to?
More information about the list
mailing list