Skip navigation

JSI Tip 1620. How do I prevent a domain controller from validating user credentials?

To reduce load on a BDC, you could pause the netlogon service.

Pausing the netlogon service has the following effects:

1. Does not disconnect any existing sessions.

2. Prevents users from logging on and creating a new connection.

3. When connecting to a share on the BDC with the paused netlogon service, validation occurs locally.

Stopping the netlogon service is not a good idea as it prevents the BDC from receiving updates, which could cause a user to be denied access when they change their password.

You must allow the netlogon service to run at startup, so a secure channel can be established.

You can use Control Panel / Services / netlogon / Pause to pause it and Control Panel / Services / netlogon / Continue to restart it. To automate this process:

1. You can schedule (AT) the pause and continue for various times during the day using the net pause and net continue command.

2. You can use Autoexnt and Soon from the reskit, to pause the netlogon service if the boot occurs during a period when netlogon should be paused. See Time Math.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish