Re: Security products to lock a user out of their computer

["Gaddis, Jeremy L." <jeremy () linuxwiz net>]

JGrimshaw () ASAP com wrote:
> I am looking for information on any security product that could lock a 
> user out of their computer--such as a remote user with a laptop, that has 
> been terminated. 
>
> Does anyone know of such a product?

Without more information, I'll assume Microsoft Windows 2000/XP on the 
laptop with the laptop in a domain environment...

With the laptop joined as a member of the domain, group policy can be 
set so that the laptop will not cache user credentials on the laptop 
itself.  This forces the laptop to authenticate a user's credentials 
directly against a comain controller each time a user logs in.  It is 
also necessary, however, to force (via group policy) the laptop to 
request a password when coming out of suspend/hibernation and to also 
verify that against a domain controller.

This requires that the laptop have access to a domain controller when 
authentication, however.  This may not be feasible if the user is 
working in remote locations without a connection into the network.

Without having the necessary connection, however, one must ask:  how can 
the laptop know that the user has been terminated?

HTH,
-j

--
Jeremy L. Gaddis     <jeremy () linuxwiz net>
Senior Systems Engineer
LinuxWiz Consulting