question

franciscpsi avatar image
0 Votes"
franciscpsi asked FanFan-MSFT commented

Deny logon without access to domain controller

Hello,
I need to deny login to users who do not have connectivity to domain controller via VPN or LAN.
This way you could always apply GPOs to users rather than remote users.
Thanks.

windows-active-directory
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,
I am checking to see if the problem has been resolved.
If there's anything you'd like to know, don't hesitate to ask.
Best Regards,

0 Votes 0 ·

Hi,
 
Just want to confirm the current situations.
If there's anything you'd like to know, don't hesitate to ask.

Best Regards,

0 Votes 0 ·

1 Answer

FanFan-MSFT avatar image
0 Votes"
FanFan-MSFT answered

Hi,
Based on my understanding, you want to prevent users logging on to any devices if there is no domain controller available to authenticate them, right?
If I misunderstand you, please feel to let me know.
To prevent prevent users logging on to any devices when there is no domain controller available, we can change Number of previous logons to cache to 0
under Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options

"This way you could always apply GPOs to users rather than remote users."
Not sure the purpose you want to achieve, would you please tell more about your question?

Best Regards,

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.