Denying domain logon to certain users on W2K workstation?

P

Pat Furrie

We have several computers on our network which attract casual users due to
their private locations in the office. We have certain domain logon
accounts that we'd like to deny any logon ability at those workstations.
When I put the accounts-in-question into a "Disallow" group on on of these
machines, and then turned off "Logon locally" permissions for that group, I
thought that might prevent (hopefully) them from logging into the domain,
but that didn't happen.

Is there a way to prevent domain users from logging into these workstations?

Pat
 
S

Steven L Umbach

That should work if it is the "effective" policy as shown in Local Security Policy
settings for those user rights. If the effective settings do not reflect what you
want, then you may have policy configured at a higher precedence level such as
domain/OU where it may need to be modified or put those computers in their own OU.
Running gpresult can help tell where a machine is receiving machine policy from. You
can also restrict users to login onto only specific domain computers in their account
properties in AD Users and Computers if you further want to restrict certain
sers. --- Steve
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Unexplained 540 Events in Security log on W2K workstation in a dom 0
Cannot Logon to Domain 1
Logon local to W2k workstation using domain account 9
Limit logon access to the XP pro workstation on domain 4
User locked out with event 537 under type 11 logon 7
Denying domain user from loggin on member workstation 2
User account logon to domain 2
Disable Administrator Login in a W2K Domain 6

Top