Archived from groups: microsoft.public.win2000.active_directory (
More info?)
circa Sun, 5 Dec 2004 22:42:10 -0600, in
microsoft.public.win2000.active_directory, Herb Martin
(news@LearnQuick.com) said,
>
> > > > I have a script that I use to disable a user account, move it to a
> > > "disabled
> > > > users OU" , deletes the home folder on whatever server it exists on,
> > > removes
> > > > the terminal server home folder if it exists and replicates the change
> to
> > > the
> > > > domain controller the user logs on to to make sure the account is
> disabled
> > > > "out there" in their office immediatly, instead of when the normal
> > > > replication would take place.
> > > >
> > > > I would do something similar in your case.
> > > I would NOT include the DISABLE in the script
> >
> > Why? It sounds like it is the entire purpose of this poster's script
> > (and note that this is not the same person who posted the question
> > originally).
>
> The reasons were given in my previous message (2 back
> from me now in this thread.)
And you're responding to a message that has nothing to do with that;
the poster recommended a *script*.
>
> > > Remember, the GPO will not apply to network connections
> > > that don't constitute a logon so a supposedly disabled user
> > > would still be able to make network only connections.
> >
> > Huh?
>
> Which part don't you understand?
The part where you discuss GPOs with somebody who recommended a
scripting solution.
>
> GPOs are not invoked for network authentications
> which are not part of a logon (at a machine or through
> terminal services.)
>
> So were one to depend on a GPO to apply the DISABLE
> then the account might remain Enabled far longer than
> desired.
>
> > > The idea of the disabled GPO is not a bad one, but one of
> > > the steps should be to also manually disable the user's account.
> >
> > Huh?
> >
> > Am I missing something?
>
> Probably.
>
Actually, I think you are, but I was being polite.
Laura
--
There's a great power in words, if you don't hitch too many of them
together.
-Josh Billings