Disabling user account
Last response: in Windows 2000/NT
mani
December 2, 2004 6:46:06 PM
Archived from groups: microsoft.public.win2000.active_directory (More info?)
I would like to know how to diable an account when it is place into an OU I
can created? I would like to accomplish this via GPO. Does anyone have
any suggestion?
I would like to know how to diable an account when it is place into an OU I
can created? I would like to accomplish this via GPO. Does anyone have
any suggestion?
More about : disabling user account
Anonymous
December 2, 2004 9:56:49 PM
Archived from groups: microsoft.public.win2000.active_directory (More info?)
"mani" <mani@idt.com> wrote in message
news:#Fvpz$K2EHA.1452@TK2MSFTNGP11.phx.gbl...
> I would like to know how to diable an account when it is place into an OU
I
> can created? I would like to accomplish this via GPO. Does anyone have
> any suggestion?
It (probably) doesn't really make sense to disable an
account through a GPO.
First, who or what would you link the GPO to? When,
if ever, would it be applied?
If now, why not just disable the account?
When would it STOP being applied?
What are you really trying to accomplish, other
than disabling some specific account?
--
Herb Martin
>
>
"mani" <mani@idt.com> wrote in message
news:#Fvpz$K2EHA.1452@TK2MSFTNGP11.phx.gbl...
> I would like to know how to diable an account when it is place into an OU
I
> can created? I would like to accomplish this via GPO. Does anyone have
> any suggestion?
It (probably) doesn't really make sense to disable an
account through a GPO.
First, who or what would you link the GPO to? When,
if ever, would it be applied?
If now, why not just disable the account?
When would it STOP being applied?
What are you really trying to accomplish, other
than disabling some specific account?
--
Herb Martin
>
>
Anonymous
December 3, 2004 12:35:09 PM
Archived from groups: microsoft.public.win2000.active_directory (More info?)
I have a script that I use to disable a user account, move it to a "disabled
users OU" , deletes the home folder on whatever server it exists on, removes
the terminal server home folder if it exists and replicates the change to the
domain controller the user logs on to to make sure the account is disabled
"out there" in their office immediatly, instead of when the normal
replication would take place.
I would do something similar in your case.
I have a script that I use to disable a user account, move it to a "disabled
users OU" , deletes the home folder on whatever server it exists on, removes
the terminal server home folder if it exists and replicates the change to the
domain controller the user logs on to to make sure the account is disabled
"out there" in their office immediatly, instead of when the normal
replication would take place.
I would do something similar in your case.
Related resources
- Disabling user account in xp for particular time - Forum
- User Account gone, only Administrator account shows, says "Your account has been disabled. Please see your system admin.." - Forum
- Disabling password changing in user accounts? - Forum
- Disabling Broadband Connection in other user accounts - Forum
- Disable CMD to create account user - Forum
Anonymous
December 3, 2004 6:12:28 PM
Archived from groups: microsoft.public.win2000.active_directory (More info?)
"ylekiot1 Wyle E Coyote" <ylekiot1WyleECoyote@discussions.microsoft.com>
wrote in message news:1168251A-6376-477C-BD58-11950A95CF90@microsoft.com...
>
> I have a script that I use to disable a user account, move it to a
"disabled
> users OU" , deletes the home folder on whatever server it exists on,
removes
> the terminal server home folder if it exists and replicates the change to
the
> domain controller the user logs on to to make sure the account is disabled
> "out there" in their office immediatly, instead of when the normal
> replication would take place.
>
> I would do something similar in your case.
I would NOT include the DISABLE in the script or
depend on the GPO in any way for the disable.
Remember, the GPO will not apply to network connections
that don't constitute a logon so a supposedly disabled user
would still be able to make network only connections.
The idea of the disabled GPO is not a bad one, but one of
the steps should be to also manually disable the user's account.
--
Herb Martin
"ylekiot1 Wyle E Coyote" <ylekiot1WyleECoyote@discussions.microsoft.com>
wrote in message news:1168251A-6376-477C-BD58-11950A95CF90@microsoft.com...
>
> I have a script that I use to disable a user account, move it to a
"disabled
> users OU" , deletes the home folder on whatever server it exists on,
removes
> the terminal server home folder if it exists and replicates the change to
the
> domain controller the user logs on to to make sure the account is disabled
> "out there" in their office immediatly, instead of when the normal
> replication would take place.
>
> I would do something similar in your case.
I would NOT include the DISABLE in the script or
depend on the GPO in any way for the disable.
Remember, the GPO will not apply to network connections
that don't constitute a logon so a supposedly disabled user
would still be able to make network only connections.
The idea of the disabled GPO is not a bad one, but one of
the steps should be to also manually disable the user's account.
--
Herb Martin
Anonymous
December 5, 2004 8:51:24 PM
Archived from groups: microsoft.public.win2000.active_directory (More info?)
circa Fri, 3 Dec 2004 15:12:28 -0600, in
microsoft.public.win2000.active_directory, Herb Martin
(news@LearnQuick.com) said,
> "ylekiot1 Wyle E Coyote" <ylekiot1WyleECoyote@discussions.microsoft.com>
> wrote in message news:1168251A-6376-477C-BD58-11950A95CF90@microsoft.com...
> >
> > I have a script that I use to disable a user account, move it to a
> "disabled
> > users OU" , deletes the home folder on whatever server it exists on,
> removes
> > the terminal server home folder if it exists and replicates the change to
> the
> > domain controller the user logs on to to make sure the account is disabled
> > "out there" in their office immediatly, instead of when the normal
> > replication would take place.
> >
> > I would do something similar in your case.
>
> I would NOT include the DISABLE in the script
Why? It sounds like it is the entire purpose of this poster's script
(and note that this is not the same person who posted the question
originally).
> or
> depend on the GPO in any way for the disable.
The person to whom you are responding does not do so, as far as I can
tell.
>
> Remember, the GPO will not apply to network connections
> that don't constitute a logon so a supposedly disabled user
> would still be able to make network only connections.
Huh?
>
> The idea of the disabled GPO is not a bad one, but one of
> the steps should be to also manually disable the user's account.
Huh?
Am I missing something? The post to which you are responding doesn't
say anything at all about using a GPO. It suggests scripting the
disable, which is the same suggestion the original poster has been
given in the other newsgroups where s/he posted the question. Did I
miss a post somewhere?
Thanks,
Laura
>
>
--
Experience is the name every one gives to their mistakes.
-Oscar Wilde
circa Fri, 3 Dec 2004 15:12:28 -0600, in
microsoft.public.win2000.active_directory, Herb Martin
(news@LearnQuick.com) said,
> "ylekiot1 Wyle E Coyote" <ylekiot1WyleECoyote@discussions.microsoft.com>
> wrote in message news:1168251A-6376-477C-BD58-11950A95CF90@microsoft.com...
> >
> > I have a script that I use to disable a user account, move it to a
> "disabled
> > users OU" , deletes the home folder on whatever server it exists on,
> removes
> > the terminal server home folder if it exists and replicates the change to
> the
> > domain controller the user logs on to to make sure the account is disabled
> > "out there" in their office immediatly, instead of when the normal
> > replication would take place.
> >
> > I would do something similar in your case.
>
> I would NOT include the DISABLE in the script
Why? It sounds like it is the entire purpose of this poster's script
(and note that this is not the same person who posted the question
originally).
> or
> depend on the GPO in any way for the disable.
The person to whom you are responding does not do so, as far as I can
tell.
>
> Remember, the GPO will not apply to network connections
> that don't constitute a logon so a supposedly disabled user
> would still be able to make network only connections.
Huh?
>
> The idea of the disabled GPO is not a bad one, but one of
> the steps should be to also manually disable the user's account.
Huh?
Am I missing something? The post to which you are responding doesn't
say anything at all about using a GPO. It suggests scripting the
disable, which is the same suggestion the original poster has been
given in the other newsgroups where s/he posted the question. Did I
miss a post somewhere?
Thanks,
Laura
>
>
--
Experience is the name every one gives to their mistakes.
-Oscar Wilde
Anonymous
December 6, 2004 1:42:10 AM
Archived from groups: microsoft.public.win2000.active_directory (More info?)
--
Herb Martin
"Laura A. Robinson" <geekwench@snippit.hotmail.com> wrote in message
news:MPG.1c1d5af78034630c98aecd@msnews.microsoft.com...
> > > I have a script that I use to disable a user account, move it to a
> > "disabled
> > > users OU" , deletes the home folder on whatever server it exists on,
> > removes
> > > the terminal server home folder if it exists and replicates the change
to
> > the
> > > domain controller the user logs on to to make sure the account is
disabled
> > > "out there" in their office immediatly, instead of when the normal
> > > replication would take place.
> > >
> > > I would do something similar in your case.
> > I would NOT include the DISABLE in the script
>
> Why? It sounds like it is the entire purpose of this poster's script
> (and note that this is not the same person who posted the question
> originally).
The reasons were given in my previous message (2 back
from me now in this thread.)
> > Remember, the GPO will not apply to network connections
> > that don't constitute a logon so a supposedly disabled user
> > would still be able to make network only connections.
>
> Huh?
Which part don't you understand?
GPOs are not invoked for network authentications
which are not part of a logon (at a machine or through
terminal services.)
So were one to depend on a GPO to apply the DISABLE
then the account might remain Enabled far longer than
desired.
> > The idea of the disabled GPO is not a bad one, but one of
> > the steps should be to also manually disable the user's account.
>
> Huh?
>
> Am I missing something?
Probably.
--
Herb Martin
"Laura A. Robinson" <geekwench@snippit.hotmail.com> wrote in message
news:MPG.1c1d5af78034630c98aecd@msnews.microsoft.com...
> > > I have a script that I use to disable a user account, move it to a
> > "disabled
> > > users OU" , deletes the home folder on whatever server it exists on,
> > removes
> > > the terminal server home folder if it exists and replicates the change
to
> > the
> > > domain controller the user logs on to to make sure the account is
disabled
> > > "out there" in their office immediatly, instead of when the normal
> > > replication would take place.
> > >
> > > I would do something similar in your case.
> > I would NOT include the DISABLE in the script
>
> Why? It sounds like it is the entire purpose of this poster's script
> (and note that this is not the same person who posted the question
> originally).
The reasons were given in my previous message (2 back
from me now in this thread.)
> > Remember, the GPO will not apply to network connections
> > that don't constitute a logon so a supposedly disabled user
> > would still be able to make network only connections.
>
> Huh?
Which part don't you understand?
GPOs are not invoked for network authentications
which are not part of a logon (at a machine or through
terminal services.)
So were one to depend on a GPO to apply the DISABLE
then the account might remain Enabled far longer than
desired.
> > The idea of the disabled GPO is not a bad one, but one of
> > the steps should be to also manually disable the user's account.
>
> Huh?
>
> Am I missing something?
Probably.
Anonymous
December 8, 2004 2:42:49 AM
Archived from groups: microsoft.public.win2000.active_directory (More info?)
circa Sun, 5 Dec 2004 22:42:10 -0600, in
microsoft.public.win2000.active_directory, Herb Martin
(news@LearnQuick.com) said,
>
> > > > I have a script that I use to disable a user account, move it to a
> > > "disabled
> > > > users OU" , deletes the home folder on whatever server it exists on,
> > > removes
> > > > the terminal server home folder if it exists and replicates the change
> to
> > > the
> > > > domain controller the user logs on to to make sure the account is
> disabled
> > > > "out there" in their office immediatly, instead of when the normal
> > > > replication would take place.
> > > >
> > > > I would do something similar in your case.
> > > I would NOT include the DISABLE in the script
> >
> > Why? It sounds like it is the entire purpose of this poster's script
> > (and note that this is not the same person who posted the question
> > originally).
>
> The reasons were given in my previous message (2 back
> from me now in this thread.)
And you're responding to a message that has nothing to do with that;
the poster recommended a *script*.
>
> > > Remember, the GPO will not apply to network connections
> > > that don't constitute a logon so a supposedly disabled user
> > > would still be able to make network only connections.
> >
> > Huh?
>
> Which part don't you understand?
The part where you discuss GPOs with somebody who recommended a
scripting solution.
>
> GPOs are not invoked for network authentications
> which are not part of a logon (at a machine or through
> terminal services.)
>
> So were one to depend on a GPO to apply the DISABLE
> then the account might remain Enabled far longer than
> desired.
>
> > > The idea of the disabled GPO is not a bad one, but one of
> > > the steps should be to also manually disable the user's account.
> >
> > Huh?
> >
> > Am I missing something?
>
> Probably.
>
Actually, I think you are, but I was being polite.
Laura
--
There's a great power in words, if you don't hitch too many of them
together.
-Josh Billings
circa Sun, 5 Dec 2004 22:42:10 -0600, in
microsoft.public.win2000.active_directory, Herb Martin
(news@LearnQuick.com) said,
>
> > > > I have a script that I use to disable a user account, move it to a
> > > "disabled
> > > > users OU" , deletes the home folder on whatever server it exists on,
> > > removes
> > > > the terminal server home folder if it exists and replicates the change
> to
> > > the
> > > > domain controller the user logs on to to make sure the account is
> disabled
> > > > "out there" in their office immediatly, instead of when the normal
> > > > replication would take place.
> > > >
> > > > I would do something similar in your case.
> > > I would NOT include the DISABLE in the script
> >
> > Why? It sounds like it is the entire purpose of this poster's script
> > (and note that this is not the same person who posted the question
> > originally).
>
> The reasons were given in my previous message (2 back
> from me now in this thread.)
And you're responding to a message that has nothing to do with that;
the poster recommended a *script*.
>
> > > Remember, the GPO will not apply to network connections
> > > that don't constitute a logon so a supposedly disabled user
> > > would still be able to make network only connections.
> >
> > Huh?
>
> Which part don't you understand?
The part where you discuss GPOs with somebody who recommended a
scripting solution.
>
> GPOs are not invoked for network authentications
> which are not part of a logon (at a machine or through
> terminal services.)
>
> So were one to depend on a GPO to apply the DISABLE
> then the account might remain Enabled far longer than
> desired.
>
> > > The idea of the disabled GPO is not a bad one, but one of
> > > the steps should be to also manually disable the user's account.
> >
> > Huh?
> >
> > Am I missing something?
>
> Probably.
>
Actually, I think you are, but I was being polite.
Laura
--
There's a great power in words, if you don't hitch too many of them
together.
-Josh Billings
Related resources
- How to disable user account in windows 7 home premium Forum
- I have create a limited account user and disable inbuilt administrator, when i e Forum
- My pc adminisatrator user account disable pls give me solution is uer enable in Forum
- how to determine user account disabled date Forum
- Disable user accounts? Forum
- SolvedUser account control for Windows 7 Forum
- SolvedUser Account Control Forum
- SolvedStandard User Account Password Problem Forum
- SolvedUser Account Not Working Forum
- SolvedHow to deny whole internet access on standard User-Account? Forum
- SolvedUser Account Resets all information each relogin. Forum
- Permanently DELETING, not disabling, Guest Account in Windows 7 Forum
- SolvedUser Account Service failed on my administrator account Forum
- Solveduser account blank screen Forum
- SolvedUser Account issues Forum
- More resources
!
