https://community.hpe.com/t5/operating-system-microsoft/prevent-active-directory-logins/m-p/3342151#M5156 i would agree, i strongly disrecomend using production servers as test boxen. <BR /><BR />if you need to test with production data. attach and upgrade your test box, then take it to another network and isolate it for test. you'll have to usurp all the roles on the test domain so you have a working test domain.<BR /><BR />to be really safe, grab a sid changer and change the sid of the test domain so replication with production is no longer posible. this will allow you to have a test environment with all the correct LDAP data, with zero posibility of your testing changes migrating back to the produciton network. <BR /><BR />i hope that made sense, as my brain is largly on autopilot right now. Wed, 28 Jul 2004 08:55:30 GMT Thomas Bianco 2004-07-28T08:55:30Z https://community.hpe.com/t5/operating-system-microsoft/prevent-active-directory-logins/m-p/3342147#M5152 Can I prevent users from logging into my system so I can carry out maintenance. Tue, 27 Jul 2004 09:05:27 GMT https://community.hpe.com/t5/operating-system-microsoft/prevent-active-directory-logins/m-p/3342147#M5152 Iain Hamilton_4 2004-07-27T09:05:27Z https://community.hpe.com/t5/operating-system-microsoft/prevent-active-directory-logins/m-p/3342148#M5153 Hi Iain,<BR /><BR />What is it you are trying to achieve, work on AD or on a server?<BR /><BR />You can take the domain controllers offline (netlogon service) that will stop everyone logging in (very extreme),<BR /><BR />Or you just post a message to everyone that the server will be offline.<BR /><BR />If you come back with more info I'll chat to my ad guys.<BR /><BR />regards<BR /><BR />john Wed, 28 Jul 2004 04:14:44 GMT https://community.hpe.com/t5/operating-system-microsoft/prevent-active-directory-logins/m-p/3342148#M5153 john_347 2004-07-28T04:14:44Z https://community.hpe.com/t5/operating-system-microsoft/prevent-active-directory-logins/m-p/3342149#M5154 John,<BR />Thanks for the help. So are you saying that if I stop the netlogon service users will not login to my server.<BR />What I am doing is I am setting my pc up as a domain controler for testing but do not want anyone logging in through it as I am constantly rebooting it. Wed, 28 Jul 2004 04:22:51 GMT https://community.hpe.com/t5/operating-system-microsoft/prevent-active-directory-logins/m-p/3342149#M5154 Iain Hamilton_4 2004-07-28T04:22:51Z https://community.hpe.com/t5/operating-system-microsoft/prevent-active-directory-logins/m-p/3342150#M5155 Hi Iain,<BR /><BR />I think a word of caution is called for.. If you already have a live system Then I would refrain from carrying out tests using your "new controller". Rather you should build a test domain ( as we have ) and carry out tests there prior to going live.<BR /><BR />also you will need to make sure that you can log backin to your controller after a reboot (local policy), cause stopping the netlogin service will stop you logging back in if it is set to manual.<BR /><BR />Regards<BR /><BR />john Wed, 28 Jul 2004 04:53:27 GMT https://community.hpe.com/t5/operating-system-microsoft/prevent-active-directory-logins/m-p/3342150#M5155 john_347 2004-07-28T04:53:27Z https://community.hpe.com/t5/operating-system-microsoft/prevent-active-directory-logins/m-p/3342151#M5156 i would agree, i strongly disrecomend using production servers as test boxen. <BR /><BR />if you need to test with production data. attach and upgrade your test box, then take it to another network and isolate it for test. you'll have to usurp all the roles on the test domain so you have a working test domain.<BR /><BR />to be really safe, grab a sid changer and change the sid of the test domain so replication with production is no longer posible. this will allow you to have a test environment with all the correct LDAP data, with zero posibility of your testing changes migrating back to the produciton network. <BR /><BR />i hope that made sense, as my brain is largly on autopilot right now. Wed, 28 Jul 2004 08:55:30 GMT https://community.hpe.com/t5/operating-system-microsoft/prevent-active-directory-logins/m-p/3342151#M5156 Thomas Bianco 2004-07-28T08:55:30Z