After a bit of e-mail with the OP, it turns out that the account in question
is the built-in Administrator account. I agree on the necessity of simply
changing the password on the account, and in the end, I suspect that's the
only real viable option, although there are ways to restrict that account's
ability to log on to unspecified machines.
Laura
-----Original Message-----
From: Andrew Kleszczewski
[mailto:Andrew.Kleszczewski@bellevue.nychhc.org]
Sent: Thursday, November 10, 2005 11:33 PM
To: Dallas.Hindle@bakersdelight.com.au; focus-ms@securityfocus.com
Subject: Re: Deny Logon by Domain Admin account to specific
PC's or deny to all BUT specific PC's
The quickest method is already built in to Active Directory.
Simply open the properties on the account and look on the
'Account' tab. Click the "Logon To" button. Select "The
following computers" radio button and type the workstations
you want the account to be restricted to.
As an alternate you could search for an MS tool named
LimitLogon. There is additional configuration required, such
as configuring a group policy to associated a login and
logoff script, modifying the schema, and installing the
client on the workstation, etc... Limitlogon will allow you
to restrict concurrent sessions on any account and it
provides logging as well.
"Hindle, Dallas" <Dallas.Hindle@bakersdelight.com.au>
11/10/05 8:15
PM >>>
Hi all
I assumed this was easy but I must be missing something...
I have a domain admin Account that is used for Services, SQL
Processes, Scheduled Tasks and for automated logons for some
proprietary software... This account has had the password
leak out to a 3rd party whom has decided to share it with
other people in the company.
As I'm sure you agree I need to get his account locked down
ASAP, I want to prevent logon to this account from any pc's
other than the ones I authorise, and I though this was a
simple process, I don't know what I'm missing but if anyone
has any suggestions it would be much appreciated.
Thanks
Dallas
--
Message protected by MailGuard: e-mail anti-virus, anti-spam
and content filtering.
http://www.mailguard.com.au/mg
--------------------------------------------------------------
-------------
--------------------------------------------------------------
-------------
-----------------------------------------
CONFIDENTIALITY NOTICE:
The information in this E-Mail may be confidential and may be
legally privileged. It is intended solely for the addressee(s). If
you are not the intended recipient, any disclosure, copying,
distribution or any action taken or omitted to be taken in reliance
on this e-mail, is prohibited and may be unlawful. If you have
received this E-Mail message in error, notify the sender by reply
E-Mail and delete the message.
--------------------------------------------------------------
-------------
--------------------------------------------------------------
-------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
