(no)logon when PDC down

Mick Haigh mhaigh at village.vut.edu.au
Tue Aug 25 00:15:51 GMT 1998

John Harper wrote:

> When a recent CVS version of the pre-alpha code failed to work as a PDC
> I found to my surprise that my domain logon proceeded anyway. The
> client kindly told me it couldn't find a PDC, and used a local profile
> instead. While I'm sure this is very helpful, the whole point of
> authenticating (for me) is to ensure only authorized users get access
> to the machines, and that logs are kept of those who do logon.
> If you really want to play games, all you have to do is pull out the
> network cable, logon unauthenticated, plug it back and away you go...
> I've checked around, and I can't seem to discover if there is a
> registry hack to disable this "feature". Does anyone know how to
> disable domain logins when the PDC is down?

Use system policies.  Fire up poledit and create a new policy, save it to
//<PDCname>/netlogon/NTconfig.POL.  Somewhere in the policy settings there
is an option not to allow logons without authentication.  Same applies for
Win95 except the file is called config.POL

Mail me if you need more details.


More information about the samba-ntdom mailing list