How to remove unwanted local user accounts
How to get rid of those pesky local user accounts on your workstations, or at least mitigate their unwanted presence.
Say your network of Windows computers used to be a workgroup and you changed it to a domain. Now you have a bunch of workstations that can be accessed by both local user accounts (from their time as part of a workgroup) and domain user accounts (stored in Active Directory). Is there any way you can prevent users from continuing to log on using their old local user accounts stored on their machines?
The preferred solution is to delete the local user accounts from each workstation that has them. A possible alternative is to use Group Policy to manipulate the Log On Locally user right to prevent anyone except domain users from logging on to desktop computers targeted by such policy. The Log On Locally user right is found under Computer Configuration Windows Settings Security Settings Local Policies User Rights Assignment. But the Log On Locally approach should be carefully tested on a test network before using it on your product network to ensure no unpredictable effects result from implementing it in your environment.
Another approach worth exploring is to use a script to delete unwanted local user accounts from your computers. A sample script that does this and which you can customize further if needed can be found at http://www.microsoft.com/technet/scriptcenter/scripts/ds/local/users/default.mspx?mfr=true on the Windows Script Repository. By deploying this script to targeted desktop computers using Group Policy, you should be able to remove all unnecessary local accounts from these computers.
Finally, here’s a social engineering way of doing it—configure password policies on the OU where the machines reside that have such local user accounts. Configure the policy so that users have to enter a long, complex password and they have to change it every day to something new (and enforce password history using its maximum value to prevent them from re-using their old passwords). GPOs that have password policies configured and which are linked to OUs will affect only local user accounts for machines in that OU, so users who try to use their old local user accounts will have to frequently change their passwords and will likely get tired of doing so after a while!
Article written by MyComputerAid.com
2003 server - Sep 30, 2008 22:34 - 0 Comments
instant messaging srv records
More In Computers & PC
- Howto secure wordpress
- Simple wordpress upgrade from SSH howto
- permanently delete your facebook account
- Creating a Sound File
- Talking to the Mouse
Microsoft Outlook - Mar 22, 2009 11:22 - 0 Comments
Outlook: Duplicates in Mailbox
More In Computers & PC
- Howto secure wordpress
- Simple wordpress upgrade from SSH howto
- permanently delete your facebook account
- Creating a Sound File
- Talking to the Mouse
Microsoft Desktop, Web browsers and Internet, Windows 2000, Windows 7, Windows 98, Windows Firewall and networking, Windows Vista, Windows XP - Feb 8, 2010 18:09 - 0 Comments
Disable Proxy settings in IE
More In Computers & PC
- Howto secure wordpress
- Simple wordpress upgrade from SSH howto
- permanently delete your facebook account
- Creating a Sound File
- Talking to the Mouse
Leave a Reply
You must be logged in to post a comment.