New To Ad....some Questions And Problems

[ICTCity]

Run "gpupdate /force" and then a resultant group policy in order to establish WHICH policy is applied to "block" password.

 

Well there are differents scenarios. When you join a domain you need an admin (domain admin) account to join the WS, once there well you don't have to have a specific account, you can also have one account for 1000 users, stupid but possible. Maybe what you want to know is: "Can I login into domain without creating a user first?" No you can't. Let's say you have a LOCAL account (DeanoLocal) on your computer (DeanoLocalPC), now you join the domain deano.local. Now you have 1 account and TWO domains:

- DeanoLocalPC\DeanoLocal (local account)

- deano.local

 

As you can see the DEANOLOCAL account exist on that workstation (workgroup DeanoLocalPC) not on domain! So you must create another account at domain level.

After that you can of course copy the local profile to domain profile, but basically you need a domain account.

 

 

No matter if you are using terminal services or just RDP, usually there's a group on domain called TERMINAL SERVER USERS, add this group as permitted on you terminal server (or where people login) and they will not able to login to the others servers. regarding workstations you can basically do the same thing, but this time you configure this by remote access settings (computer>rightclick>properties) adding the user.

[iphonogasm]

Ok ive done this but still no luck.

 

heres what i have!

 

No luck!

 

Thanks!

Edited February 9, 2014 by AWS

[ICTCity]

Post result of gpresult:

 

http://technet.microsoft.com/en-us/library/cc775413(v=ws.10).aspx

 

It's almost the same for windows server 2008.