How to restrict some users to login?

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

We have a Win 2003 domain that has several OUs. Each OU has several
user-groups for different Labs -- for security issues, e.g. file sharing,
printer sharing etc. Now, all users in a OU can login to any computer that
belongs to that OU (not neccessary in the same Lab). A director of a lab
asks me if there is a way to allow only users in his lab to be able to log in
to his lab's computers. Is it possible to do this? that is only one group
of users can log in some computers, but other user-groups cannot log in even
they are in the same OU?

Any help or link is greatly appreciated!

Harvey
 
Yes it is possible, but this is not an XP question, you should ask in a 2k3
server group.
 
You need to manage the user rights for logon locally and deny logon locally
to do what you want. Keep in mind however that deny logon locally trumps
logon locally so be careful and try to manage those user rights. For
instance you could create a global group, add users to that global group
that you do not want to logon to a computer and then add that group to the
deny logon locally user right for that computer. That can also be applied at
the OU level for computer accounts that exist in the OU via a Group Policy
linked to that OU.

Steve
 
You must log in or register to reply here.

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Allow lab manager admin rights to group of computers 1
Canoscan FS4000US IR/FARE Problem 1
Prevent all users from any other OUs from logging into Special OU 1
Group Policies applying to Machines 3
Change default printer for ALL profiles? 4
Windows 7 hardest hit by WannaCry worm 1
gpedit.msc controls 1
Access denied to Control Panel applets! 7

Back
Top