Operating System - Microsoft
1748177 Members
4231 Online
108758 Solutions
New Discussion юеВ

Re: prevent active directory logins

 
SOLVED
Go to solution
Iain Hamilton_4
Occasional Contributor

prevent active directory logins

Can I prevent users from logging into my system so I can carry out maintenance.
I am therefore I think????
4 REPLIES 4
john_347
Regular Advisor

Re: prevent active directory logins

Hi Iain,

What is it you are trying to achieve, work on AD or on a server?

You can take the domain controllers offline (netlogon service) that will stop everyone logging in (very extreme),

Or you just post a message to everyone that the server will be offline.

If you come back with more info I'll chat to my ad guys.

regards

john
Iain Hamilton_4
Occasional Contributor

Re: prevent active directory logins

John,
Thanks for the help. So are you saying that if I stop the netlogon service users will not login to my server.
What I am doing is I am setting my pc up as a domain controler for testing but do not want anyone logging in through it as I am constantly rebooting it.
I am therefore I think????
john_347
Regular Advisor
Solution

Re: prevent active directory logins

Hi Iain,

I think a word of caution is called for.. If you already have a live system Then I would refrain from carrying out tests using your "new controller". Rather you should build a test domain ( as we have ) and carry out tests there prior to going live.

also you will need to make sure that you can log backin to your controller after a reboot (local policy), cause stopping the netlogin service will stop you logging back in if it is set to manual.

Regards

john
Thomas Bianco
Honored Contributor

Re: prevent active directory logins

i would agree, i strongly disrecomend using production servers as test boxen.

if you need to test with production data. attach and upgrade your test box, then take it to another network and isolate it for test. you'll have to usurp all the roles on the test domain so you have a working test domain.

to be really safe, grab a sid changer and change the sid of the test domain so replication with production is no longer posible. this will allow you to have a test environment with all the correct LDAP data, with zero posibility of your testing changes migrating back to the produciton network.

i hope that made sense, as my brain is largly on autopilot right now.
There have been Innumerable people who have helped me. Of course, I've managed to piss most of them off.