deny logon access to groups

G

Guest

I know how to setup individual users so that they can only log into specific
computers, but is there a way to allow/deny GROUPS from logging into
computers?

We need specific groups to have access to a computer, and no one else can
for security reasons. How can I implement the policy to allow them all to
log in at the group level instead of at the individual level? (I can't find
it in GPO)

Thanks
 
G

Guest

This is an easy process. Create a new OU for your computer/groups. Assign a
GPO to that OU and grant the Read + "Apply Group Policy" permissions to the
user groups. The GPO string is:

Computer Configuration | Windows Settings | Secutiry Settings | Local
Policies | Log on Locally (Add your groups that you want to be able to logon
here, dont forget to apply this GPO to the groups in Active Directroy (OU
Level) as well)

I have this setup on several groups of systems on my network. This has been
working for quite some time now with no problems.

HTH

Drum on .. .. .. .
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Deny groups from logging into specific computers 1
Local Logon Prevention in W2K / XP 1
0x80070569: Logon failure: the user has not been granted the requested logon type at this computer. 2
Deny Logon Locally 6
allow ms to monitor user activities or be denies access 2
Copy local users and groups 3
Group logon Deny 4
Windows XP Logon script location 3

Top