I believe the actual problem is in effective settings of the policy. I
assume you have edited "Deny Logon Locally" settings in local security
policy on these PCs. However, in Default Domain Policy this setting is also
defined, and the list is empty. Since domain policies override local
policies, the effective setting is that noone is denied local (interavtive)
logon privilege.
So yes, you have to edit domain policy. In fact, it would be a good idea to
create a policy specially for that purpose, define the setting(s) in that
policy, and apply it to all required computer accounts.
"GM" <(E-Mail Removed)> wrote in message news:c4ra4n$5mo$(E-Mail Removed)...
> Hi,
>
> I want to make my computer (OS=Win2KPro) only accessible for certain
> domain users. The domain my PC is on, is a Win2000 domain.
> So on my PC, I created a group DenyLogon and added all those users/groups
> who I want to deny to login. So I added this group DenyLogon to the Deny
> Logon Locally policy of my PC ... but, this approach doesn't seem to work
> (yes I rebooted my computer after wards) :-(
>
> Anyone an idea what I did wrong ? Or can this only be accomplished by
> editing the domain policies ?
>
> Thanx in advance,
>
> Gaetan Martens
>
|
Similar Threads
