Denying domain user from loggin on member workstation

[MikeM]

I have a domain and I want to restrict the ability of certain domain user
accounts from logging on a particular member workstation. How do I limit
which computers certain domain users can logon? I tried setting the local
security policy, "deny local logon" and I applied the the domain user
account I wanted to restrict, on the workstation where I wanted to
retriction - but it did not keep them from logging on.

Please tell me how to do this. Thanks.

 

[Steven L Umbach]

That should work unless a domain/OU policy is overriding the setting. Check
"effective" settings in the Local Security Policy to see if that is the case. You
could also create an OU for those workstations with it's own GPO that restricts those
users. --- Steve

 

[Nick]

-----Original Message-----
I have a domain and I want to restrict the ability of certain domain user
accounts from logging on a particular member workstation. How do I limit
which computers certain domain users can logon? I tried setting the local
security policy, "deny local logon" and I applied the the domain user
account I wanted to restrict, on the workstation where I wanted to
retriction - but it did not keep them from logging on.

Please tell me how to do this. Thanks.


.
The best way to enforce what machines a user can access

is using Active Directory Users and Computers, go to the
user account of the restricted user, then under the
Account tab, choose the 'Log On To' button and list the
machines the user is allowed access to. You will also
want to make sure they do not have a 'local' account on
any machines you do not want them to have the ability to
access.

Have a great day!