security policy in domain controller

Ziyad Tbeni 81 Reputation points
2022-10-04T18:40:06.847+00:00

How can I use Group Policy so that when a PC is connected to the network, local users are not allowed access to the desktop, only users joined to the domain, and when the network is disconnected, local users are allowed to connect to the desktop?


Accepted answer
  1. George Moise 2,346 Reputation points Microsoft Employee
    2022-10-05T06:59:49.703+00:00

    Hi @Ziyad Tbeni ,

    I am not aware of such a policy to configure what type of users (local / domain) are allowed to log on to a Windows operating system based on the network configuration of the OS.

    Why would you need this in the first place?
    Theoretically, when your PC is connected to the corporate network, you will log on with an Active Directory (domain) user account.
    Then, when the same PC is disconnected from the corporate network, you will still be able to log on with any Active Directory (domain) user account that was logged on previously on the PC (as the info is cached locally on the OS).

    Either way, if you really need the Domain User only when connected and Local User only when not connected, you could build a PowerShell script that checks the user and network info at every logon, then based on your criteria could just perform a logoff automatically if the user is not the expected type.

    I hope this helps!
    BR,
    George

    Note: please "Accept the answer" if this helps you.

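One way to build the logon check suggested in the accepted answer, as an added example that is not part of the original thread. The function names, parameters and log path are hypothetical, and it assumes a domain-joined PC where `Get-NetConnectionProfile` reports `DomainAuthenticated` while a domain controller is reachable.

```powershell
# Added example: logon script, e.g. assigned through a GPO logon script setting.
# Function names, parameters and the log path are hypothetical.
param(
    [string[]]$ExemptUsers = @(),      # "AUTHORITY\user" accounts that are never logged off
    [string]$LogPath = "$env:ProgramData\LogonTypeCheck.log",   # assumed writable by users
    [switch]$AuditOnly                 # record the decision but do not log off
)

function Test-OnDomainNetwork {
    # True when any active connection profile has authenticated to the domain.
    $profiles = Get-NetConnectionProfile -ErrorAction SilentlyContinue
    [bool]($profiles | Where-Object { $_.NetworkCategory -eq 'DomainAuthenticated' })
}

function Test-IsLocalAccount {
    param([Parameter(Mandatory)][string]$AccountName)   # "AUTHORITY\user"
    # For a local account the authority part is the computer name, not the domain.
    ($AccountName -split '\\', 2)[0] -ieq $env:COMPUTERNAME
}

function Test-LogonAllowed {
    param([bool]$IsLocalAccount, [bool]$OnDomainNetwork)
    # Connected: domain accounts only. Disconnected: local accounts only.
    $IsLocalAccount -ne $OnDomainNetwork
}

$account  = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$onDomain = Test-OnDomainNetwork
$isLocal  = Test-IsLocalAccount -AccountName $account
$allowed  = ($ExemptUsers -contains $account) -or
            (Test-LogonAllowed -IsLocalAccount $isLocal -OnDomainNetwork $onDomain)

# Keep a record of every decision so blocked logons can be reviewed later.
$line = '{0:o} user={1} local={2} domainNetwork={3} allowed={4}' -f `
        (Get-Date), $account, $isLocal, $onDomain, $allowed
Add-Content -Path $LogPath -Value $line -ErrorAction SilentlyContinue

if (-not $allowed -and -not $AuditOnly) {
    logoff.exe    # ends the current user's session
}
```

A logon script runs in the user's own context after the session has started, so this enforces a convention rather than a security boundary. Run it with `-AuditOnly` first and keep at least one exempt account, since the network profile may not yet show `DomainAuthenticated` at the moment of logon.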

1 additional answer

  1. Ziyad Tbeni 81 Reputation points
    2022-10-05T11:26:07.607+00:00

    Yes, I mean when the PC is connected to the corporate network, you can log in using a domain user only and the local user is prevented from logging in, and when you disconnect the PC from the corporate network, you can log in to the device using the local user.
    My question is: can a policy or script be used to do this?
