[Dshield] Force Remote Windows User Lock-Out/Disable
Scott Melnick
duckie37 at gmail.com
Wed Feb 20 18:25:42 GMT 2008
On Wed, Feb 20, 2008 at 10:33 AM, BGaudreault Brian <BGaudreault at edrnet.com>
wrote:
> Thanks for your suggestions so far.
>
> I think I need to clarify that the intended use is for a one-time
> lockout (i.e. if we need to let someone go from the company that is
> remote from our environment and not connected to our corporate network).
> I'm not looking for a logon/logoff time scheduler for use as a daily set
> schedule.
>
> Thanks
>
What you could do is make a GPO for disabled users. When that user needs to
go, put them or their machine in that GPO and do a force policy push and then
disconnect them.
There is a policy you can configure that tells the machine to only allow
logon (of any type) if authenticating to the domain. If you try to use a
local account on the machine it will not let you.
You of course need to disable their Domain account to prevent them from
logging back on to the domain.
There are of course other things you will not be able to prevent with this if
that user is intelligent.
Cheers,
Scott Melnick