How to prevent computers from logging on to a remote site's domain controllers

Hi,
We have 3 sites (HQ, remote site A and remote site B) in a Windows 2008 R2 domain; the clients are Win XP and Win 7. If remote site A's DC and HQ's DC are offline, we don't want remote site B's DC to authenticate remote site A and HQ clients. How can we prevent remote site B's DC from authenticating remote site A and HQ clients, so that it authenticates only remote site B's local clients?
Regards,
Ray NG.

You might consider configuring ACLs on your firewalls and network equipment to filter this traffic. However, the idea of having multiple DCs is to have HA, while in this case you are trying to avoid having the benefit of this feature. Windows clients will keep using cached credentials as long as they cannot reach a DC for authentication.
If you would like to configure ACLs to achieve that, please do not restrict the communication between the DCs themselves.

Similar Messages

  • Running Best Practice Analyzer on remote 2008 R2 domain controllers

    Hello Powershell World,
    I'll start out by first mentioning that I am a powershell rookie so I gladly welcome any input to help me improve or work more efficiently.  Anyway, I recently used powershell to run the best practice analyzer for DNS on all of our domain controllers.
     The way I went about was pretty tedious and inefficient but still got the job done through a series of one-liners and exported the report to a UNC path as follows:
    Enable-PSremoting -Force (I logged into all of the domain controllers individually and ran this before running the one-liners below from my workstation)
    New-PSSession -Name <Session Name> -ComputerName <Hostname>
    Enter-PSSession -Name <Session Name>
    Import-Module bestpractices
    Invoke-BPAModel Microsoft/Windows/DNSServer
    Get-BPAResult Microsoft/Windows/DNSServer | Select ModelId,Severity,Category,Title,Problem,Impact,Resolution,Compliance,Help | Sort Category | Export-CSV \\server\share\BPA_DNS_SERVERNAME.csv
    I'm looking to do this again but for the Directory Services best practice analyzer without having to individually enable remoting on the domain controllers and also provide a list of servers for the script to run against.
    Thanks in advance for all your help!

    What do you mean by "without having to individually enable remoting "?
    You cannot remote without enabling remoting.  You only need to enable remoting once.  It is a configuration change.  If you have done it once you do not need to do it again.
    Here is how to run from a list of DCs.
    # Script block that runs on each DC: execute the BPA models and export the results
    $sb={
        Import-Module bestpractices
        Invoke-BPAModel Microsoft/Windows/DNSServer
        Get-BPAResult Microsoft/Windows/DNSServer |
            Select ModelId,Severity,Category,Title,Problem,Impact,Resolution,Compliance,Help |
            Sort Category |
            Export-CSV "\\server\share\BPA_DNS_$env:COMPUTERNAME.csv"
        Invoke-BPAModel Microsoft/Windows/DirectoryServices
        # etc...
    }
    # Run the script block against every DC in the list
    ForEach($dc in $listofDCs){
        Invoke-Command -ScriptBlock $sb -ComputerName $dc
    }
    ¯\_(ツ)_/¯

  • How can I allow send referrers in site (same domain) only but not between sites?

    I don't want other sites to know from which site I went there. (Sending referrer between sites.) However, some sites only function when referrer is sent on site (same domain).
    Is there a way to accomplish this? No sending referrers between sites but in sites: yes? If not Firefox, Chrome?
    Thanks.

    Hi, I think this addon is what you need: RefControl (https://addons.mozilla.org/en-US/firefox/addon/refcontrol)
    About this Add-on:
    You create a list of sites, and the referrer that should be sent for each site. You can choose to send that referrer unconditionally or only for third-party requests. Additionally, you can specify the default behavior for any site not in the list.

  • How to prevent JEditorPane to show remote images

    Hello
    I make an e-mail client with JEditorPane to show the html content.
    If the content contains IMG tag with src like http://somehost.on.the.web...
    then JEditorPane tries to load the remote image. But I have an internet connection via proxy. So, JEditorPane cannot find somehost.on.the.web on the LAN and an annoying timeout occurs. If I use System.setProperty("http.proxySet","true"), ... then JEditorPane uses proxy and loads images. I do not want to use a proxy. But how can I eliminate the timeout? It doesn't occur in Linux. In windows it doesn't occur only if there are no active network connections.
    I learned that JEditorPane loads images through the java.awt.Toolkit.getDefaultToolkit()
    ImageView.loadImage()
    Could you, please, tell me how can I force JEditorPane to do not load remote images or eliminate the problem with timeout in Windows with LAN.

  • How to prevent DW CS3 editing remote files?

    I have a site which I built with an earlier DW3.
    I have migrated the site to DW CS3 and chosen 'edit local files then upload' as the option.
    However, when I try to open a local file for editing, DWCS3 appears to insist on 'getting' the remote file and requires me to dialogue and answer "Do you wish to overwrite local files" and "Do you wish to get dependant files".
    This suggests that despite my choice in the setup, DWCS3 is deciding to offer the remote files for editing.
    Am I missing something I should do?
    Thanks.

    > I have the first option checked.
    I wouldn't use that option, nor would I suggest anyone else use it UNLESS you are supremely confident in your ability to not make mistakes.
    Otherwise, it's a train wreck waiting to happen.
    > Yes...I DO have check in and check out enabled in the Sharing Files, Part 2 box.
    Which is why you are being prompted to overwrite your local copy. Are you the only one working on that site? If so, you do not need, or even want the CI/CO option.
    Murray --- ICQ 71997575
    Adobe Community Expert
    (If you *MUST* email me, don't LAUGH when you do so!)
    ==================
    http://www.projectseven.com/go - DW FAQs, Tutorials & Resources
    http://www.dwfaq.com - DW FAQs, Tutorials & Resources
    ==================
    "kabra001" <[email protected]> wrote in message news:fto4ur$c6b$[email protected]..
    > Thanks for the response Murray
    >
    > In the site definition box Editing Files Part 3 there are 2 options .....
    > 1. Edit local copies on my machine, then upload when ready.
    > 2. Edit directly on server using local network
    > I have the first option checked.
    > This does not seem to be automatic upload on save option,.... however...its when I OPEN the LOCAL file that it seems to log in to the server and GET the remote copy, not present the local copy for editing.
    >
    > Yes...I DO have check in and check out enabled in the Sharing Files, Part 2 box.
    >
    > cheers

  • Do I still remote Domain Controllers.....

    We currently have remote sites, with Domain Controllers which are also Global Catalogue servers.
    We are still running as Windows 2000 Native…(Long Story).
    We are planning to remove the remote DC’s as most of their functions as a file server has been removed, and we are wondering if there is any need any more for the remote locations to have a Windows Domain Controller.
    The clients will shortly be running Windows 7, and we are thinking of setting up printing on a local Windows 7 machine, along with a share for roaming profiles.
    Is this a good idea or are we missing something…

    From
    http://technet.microsoft.com/en-us/library/cc978016.aspx
    Automatic Site Coverage
    There is not necessarily a domain controller in every site. For various reasons, it is possible that no domain controller exists for a particular domain at the local site. By default, each domain controller checks all sites in the forest and then checks the replication cost matrix. A domain controller advertises itself (registers a site-related SRV record in DNS) in any site that does not have a domain controller for that domain and for which its site has the lowest-cost connections. This process ensures that every site has a domain controller that is defined by default for every domain in the forest, even if a site does not contain a domain controller for that domain. The domain controllers that are published in DNS are those from the closest site (as defined by the replication topology).
    For example, given one domain and three sites, a domain controller for that domain might be located in two of the sites, but there might be no domain controller for the domain in the third site. Replication to the domain that does not have a domain controller in the third site might be too expensive in terms of cost or replication latency. To ensure that a domain controller can be located in the site closest to a client computer, if not the same site, Windows 2000 automatically attempts to register a domain controller in every site. The algorithm that is used to accomplish automatic site coverage determines how one site can "cover" another site when no domain controller exists in the second site.
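
The coverage decision described in the quoted text, as an added Python example (not part of the original post and not Microsoft's code): for each site without a DC it picks the DC-holding site reachable at the lowest site-link cost, which is the site whose DCs clients there will authenticate against. The site names, link costs, the summing of costs across chained links, and the tie-break (more DCs, then site name) are assumptions made for illustration.

```python
import heapq

# Constructed sample topology: DCs per site and (site, site, cost) site links.
SITES = {
    "HQ": ["HQ-DC1", "HQ-DC2"],
    "Branch-A": ["A-DC1"],
    "Branch-B": [],   # no DC: must be covered by another site
    "Branch-C": [],   # no DC: must be covered by another site
}
LINKS = [
    ("HQ", "Branch-A", 100),
    ("HQ", "Branch-B", 300),
    ("Branch-A", "Branch-B", 100),
    ("HQ", "Branch-C", 100),
    ("Branch-A", "Branch-C", 100),
]

def site_costs(links, start):
    """Lowest cumulative link cost from `start` to each reachable site (Dijkstra)."""
    graph = {}
    for a, b, cost in links:
        graph.setdefault(a, []).append((b, cost))
        graph.setdefault(b, []).append((a, cost))
    best = {start: 0}
    heap = [(0, start)]
    while heap:
        cost, site = heapq.heappop(heap)
        if cost > best.get(site, float("inf")):
            continue  # stale heap entry
        for nxt, link_cost in graph.get(site, []):
            total = cost + link_cost
            if total < best.get(nxt, float("inf")):
                best[nxt] = total
                heapq.heappush(heap, (total, nxt))
    return best

def automatic_site_coverage(dcs_by_site, links):
    """Map each DC-less site to the site whose DCs would advertise themselves for it."""
    with_dc = [s for s, dcs in dcs_by_site.items() if dcs]
    coverage = {}
    for site, dcs in dcs_by_site.items():
        if dcs:
            continue  # site has its own DC, nothing to cover
        costs = site_costs(links, site)
        # Assumed tie-break: lowest cost, then most DCs, then site name.
        candidates = [(costs[s], -len(dcs_by_site[s]), s) for s in with_dc if s in costs]
        if candidates:
            coverage[site] = min(candidates)[2]
    return coverage

if __name__ == "__main__":
    for covered, by in automatic_site_coverage(SITES, LINKS).items():
        print(f"{covered} is covered by DCs in {by}")
```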

  • How to restore a remote site after a crash?

    I have read the site management FAQ and it mentions to restore your files you can go to your remote site and load back to your local site.
    Could anyone offer some help to my situation?
    I suffered a hard drive failure, I'm running windows xp, dwcs4 and the site is hosted. I have reinstalled windows and dw. The site was created as per all the tutorials and I managed to save a copy of the site folder but not as per the saving instructions in the FAQ. I just have a root folder with all the pages in.
    Could someone point me to a tutorial or how to?
    Thanks in advance
    Jim

    "I managed to save a copy of the site folder but not as per the saving instructions in the FAQ. I just have a root folder with all the pages in."
    You lost me here. Not sure what you mean.
    Create a new site definition for local and remote sites, connect to your remote site then click Get. That's all you need to do.

  • How to prevent a solaris user to telnet from multiple computers

    Hello,
    How to prevent Solaris users to telnet from multiple computers? They should be able to telnet from only one PC.
    Please help..

    ora_tech has a good point. I was about to suggest ipfilter, which is a built-in firewall in Solaris, but using tcp wrappers would probably be easier. It all depends on which level of security you want (blocking the telnet requests in a firewall would generally be safer than blocking them at the tcp wrapper level, since it prevents some processing).
    Since Solaris 10 you can also easily enable tcp wrappers on the inetd services with inetadm, see:
    http://blogs.sun.com/gbrunett/entry/tcp_wrappers_on_solaris_10
    .. for more details..
    .7/M.

  • How to prevent others use their iDevices to remote control apple tv?

    Hi All,
    I'm wondering that does anyone know how to prevent others use their iDevices to remote control my apple tv?
    settings
    1. the apple tv is in the school.
    2. all students could access the Internet
    3. The apple tv is sharing the same Internet with students.

    Welcome to the Apple Community.
    The remote app uses homesharing, therefore anyone wanting to control an Apple TV with the remote app would need to know the home sharing ID and password.

  • How to access a remote site in dreamweaver

    This might seem like a simple question, but i just downloaded DW as a trial, and want to try it out before buying. Now I've done the remote site set up and tested and it says it can connect to my remote site. But I want to now go to the site, log in, and make some changes to the web site pages which are stored there. None of the stuff is stored on my home PC. It's all at the remote site. So how do I edit it? How do I even log in? DW seems intended to work on files on your home PC, and then publish them to a remote site. My problem is it's all ON the remote site.

    Hi Nancy,
    No, I'm not getting those selections under the file menu. What I've done is go to server, manage servers, and set up a remote server. When I test it it says "dreamweaver connected to your web server succesfully". So I assume that the remote server, at least, is set up properly. I didn't set up a "local site" however. Perhaps that could be it? But those choices are not on the drop-down box, even grayed out. If I click on "open" the box goes to my PC for choices. On the left side it has" My recent documents, desktop, my documents, my network (which doesn't lead anywhere)

  • When you expand to show local and remote sites, in DW CS6 how do I get the local to be on the left?

    When you expand to show local and remote sites, in the previous versions of DW, the files type (local or remote) selected when not seeing both, automatically came up on the left.  I liked local when I am editing and when I am ready to upload I expand to see both local and remote.  Before, the one you had selected, in my case local, was always displayed on the left.  Now in CS6 when I have local selected before I expand, the local is on the right and remote on the left. For me that is not correct.  I find that having local on the left works best for me like reading, left to right, I want the local on the LEFT so I can put the updated from left to the remote on the right.
    -->In DW CS6 how do I get the local to be on the left?

    Thank you so much!  That did it! 

  • I lost my Iphone 5 today in Johor Bahru. Not install Find my Phone/Icloud/Offline. How to prevent others access my email and data ? Or how to remote lost mode/locking phone ?

    I lost my Iphone 5 today in Johor Bahru. Not install Find my Phone/Icloud/Offline. How to prevent others access my email and data ? Or how to remote lost mode/locking phone ?

    suyantosdf wrote:
    I lost my Iphone 5 today in Johor Bahru. Not install Find my Phone/Icloud/Offline. How to prevent others access my email and data ? Or how to remote lost mode/locking phone ?
    If you didn't enable find my iphone in icloud settings on your phone, then you can't do a lost mode or lock your phone.
    I would assume you had a passcode on your phone to lock it.  If you didn't then start changing your passwords.
    Report the lost to your phone carrier - local authorities.

  • HT4528 How can I erase an iphone remotely due to it being lost to prevent someone from using it?

    How can I erase an iPhone remotely due to it being lost to prevent someone from using it?

    You have to have had Find My iPhone active on the device before it was stolen, and it has to be connected to the Internet via wifi or cellular. Log into www.icloud.com and see if you can locate your device. If it is offline, it means it is probably out of battery, the thief has turned it off. You can send a wipe command to the phone and if it does get connected, it will wipe the phone. If you did not have Find My iPhone active, there is nothing you can do.

  • How do I tell my browser how to find my remote site on cafe_townsend tutorial

    Worked through the tutorial in Dreamweaver 8 and everything peachy. Browser fired up every time I hit F12. Then I got to the part where I put my local files to the remote site and now my browser can't find the URL. There are some instructions about localhost:5800 for ColdFusion but not sure what it means. What or where do I enter the magic information to let my IE8 in Windows 7 know how to find my remote web site?
    I sure could use some advice....Thanks Popeyebedford1     [email protected]

    I know about that tab, but the problem is that the iPod carries those preferences with it from computer to computer. I do want it to automatically update when plugged into my iBook, but I don't want it to when I plug it into the old G4. Right now my iPod is linked to two different libraries when it should only be to one. I know I can work around this by changing the preferences every time I decide to plug my iPod from one computer to the other, but it seems a little unnecessary—like there should be an easy way to just stop the synching altogether on my old computer...

  • How do i find specific software count on computers in apple remote Desktop

    Hi,
    Is there a way to find specific software across a range of computers in Apple Remote Desktop? Like Microsoft Office 2011 Mac. 

    You can do a File Search for the application name, or all applications by specifying the "kind" as "application".  Note that Office 2011 is not an application but a suite of applications, so you'd have to search for the specific application - Word, for instance.
    Regards.
