technical solutions and commentary

Adding a log on banner to a Windows Active Directory network is simple, and should is considered a security best practice.

You can use language similar to this example…

“NOTICE: Unauthorized access to this system is forbidden and will be prosecuted by law. By accessing this system, you agree that your actions may be logged and monitored if unauthorized use is suspected. The security policy dictates the installation of unauthorized software is not allowed, including but not limited to internet based applications and toolbars.”

You can enable this logon banner in Group Policy. This is one of the few changes I would recommened be made in the ‘Default Domain Policy’.

For Windows 2003 Server:
Open the GPO… expand ‘Windows Settings’, ‘Security Settings’, ‘Local Policies’, ‘Security Options’.

“Interactive Logon: Message title for users attempting to log on”.
(Place your message into this policy.)

“Interactive Logon: Message text for users attempting to log on”
(use something like “System Use Notice” for the title of the message box .)

For Windows 2000 Servers:
Open the GPO… ‘Computer Configuration’, ‘Windows Settings’, ‘Security Settings’, ‘Local Policies’, ‘Security Options’

“Message text for users attempting to log on”
(Place your message into this policy.)

“Message title for users attempting to log on”
(use something like “System Use Notice” for the title of the message box .)

Updated post with Windows 2000 settings: June 6, 2006