Ask the Expert

How can I prevent my coworkers from logging onto my PC through AD?

How can I prevent my coworkers from logging onto my computer through Active Directory? How can I stop them once and for all? I don't want data to be erased or corrupt.
In the Local Security PolicyWindows SettingsSecurity SettingsLocal PoliciesUser rights container, remove all groups that your coworkers belong to from the user right "logon locally." Make sure that your account, or some group that you and not they belong to, does have this right. Note that you must have local administrator privileges to do this. You may need to get help from an administrator.

In addition to the above, you can remove their ability to access your computer across the network by removing their user right. You should also not share folders, run a Web server on your computer, run remote administration programs (see your domain admins), run antiviral software to prevent Trojans and apply file and folder access permissions. Nothing can stop a determined attacker forever, but you can certainly build in layers of security that will defend your data files from your fellow workers.

You should also seek help from your information security staff. If you are having a problem with fellow workers destroying data files or abusing system privilges, security should be made aware.

This was first published in August 2002

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: