
How do domain users logon locally on their workstations?

Status
Not open for further replies.

mask1

MIS
Jul 14, 2003
21
IS
Hi All.

My mobile users logon to a Windows 2003 DC when they are connected to the network. However, when they are at home, they cannot log on locally.

Any help would be appreciated.
 

Well, you could turn on the user profile caching, but that's not recommended in a high security environment. At least I've heard that works.

The best choice, and what I do, is to create a machine local account for them that's got a different password. They can log into that when away from the domain.

 
Hi compuveg

Thanks for your reply. The problem I am having is that when I join the computer to the DC and create the local account on the computer, after the restart, the local account is not found. My feeling is that I have a group policy that is causing conflicts. I am using Restricted Accounts policy to add the DC accounts to the Local Administrators group in the Workstations.

Do you think this could be the problem?

I look forward to your reply.

 
Does this GPO delete other accounts on the box, even local ones?

For ease of use you can map any account to look at any profile as long as the perms are correct.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
Find the SID of the user you want to change and then change the key for ProfileImagePath to point to the correct profile.
 
It's quite common to use local profiles rather than roaming profiles for laptops, but you lose central control of the profile. Security-wise, when off-site you are reliant on NTFS permissions and NT logon security, but for most situations it's adequate.

It will however allow logging on off the network.

Jonathan
 
Well, unless your laptop is a DC or the account's been removed by a domain admin, it should have a local administrator account. When you login to the machine, make sure you're logging into the computer, and not the domain. (I'm sure it can be configured so you can't do this) Then create the local account.

To choose where you're logging into, hit the 'Options' button, which should have a 'log onto' drop-down list. This isn't as straightforward if you're using the Novell clients. There you've got to choose 'workstation only', then you've got to hit 'advanced' and go to the windows tab, and there's the 'log on to' drop-down list.

Sure, a domain admin can create a machine local account, but logging in 'machine only' ensures that the ability to do this is there.

 
Thanks for the tip PorkChopExpress. That URL is a good bit of info.
 
Hi porkchopexpress

I have added the groups that the users belong to to the members of section of the restricted policy object. Is it possible that this is the problem? Do I have to add the user itself?

Thanks.
 
Thanks for the link, I have to check how the restricted group policy was implemented. The local accounts are being deleted when the group policy is applied. So there's got to be something wrong in how the restricted group was created.
 
You will have to type in the names of the local accounts manually or they will be removed, including the administrator.
 
E.G.

Administrators: Administrator, Domain\Group1, User1, User2

Power Users: User3, User4, Domain\Group2

The users without a domain name in front are local users. I don't think you can browse for them in Active Directory, so you have to type them in exactly.
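
An added example (not from the thread, and not Microsoft's code) that previews the behaviour discussed above: a Restricted Groups member list replaces a local group's membership, so a current member that is not on the list is dropped from the group at the next policy refresh. The computer name `LAPTOP7`, the helper names and the current memberships are constructed assumptions; the policy text uses the post's `Group: member, ...` notation.

```python
# Added example: previews what a Restricted Groups member list does to a
# local group. Names and memberships below are constructed sample data.

def parse_policy(text):
    """Parse 'Group: member, member' lines (the notation used in the post)."""
    policy = {}
    for line in text.splitlines():
        group, sep, members = line.partition(":")
        if sep and group.strip():
            policy[group.strip()] = [m.strip() for m in members.split(",") if m.strip()]
    return policy

def canon(name, computer):
    """Comparison key: case-insensitive; 'PC\\User1' and 'User1' are one local account."""
    scope, sep, account = name.rpartition("\\")
    if not sep or scope.lower() in (computer.lower(), "."):
        return ("local", account.lower())
    return (scope.lower(), account.lower())

def preview(policy, current, computer):
    """Return {group: {'removed': [...], 'added': [...]}} for each restricted group."""
    report = {}
    for group, wanted in policy.items():
        want = {canon(m, computer): m for m in wanted}
        have = {canon(m, computer): m for m in current.get(group, [])}
        report[group] = {
            "removed": sorted(have[k] for k in have.keys() - want.keys()),
            "added": sorted(want[k] for k in want.keys() - have.keys()),
        }
    return report

COMPUTER = "LAPTOP7"  # hypothetical workstation name
CURRENT = {  # constructed membership before the policy refresh
    "Administrators": ["LAPTOP7\\Administrator", "LAPTOP7\\User1", "DOMAIN\\Group1"],
    "Power Users": ["LAPTOP7\\User3"],
}
# Only the built-in account and the domain group listed: the local user falls off.
NARROW = parse_policy("Administrators: Administrator, Domain\\Group1")
# The list from the post, with the local accounts typed in by name.
FULL = parse_policy(
    "Administrators: Administrator, Domain\\Group1, User1, User2\n"
    "Power Users: User3, User4, Domain\\Group2"
)

if __name__ == "__main__":
    for label, pol in (("narrow", NARROW), ("full", FULL)):
        print(label, preview(pol, CURRENT, COMPUTER))
```

Groups that the policy does not name are left out of the report, since only the groups listed in the policy are restricted.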
 
I will make the changes and let you know, but I have a feeling this will do the trick. Thanks.
 