Restrict Logon

B

bkesting

Is there anyway through Active Directory, or other means,
that I can prevent certain users from logging onto
specific machines while still being able to log into
machines elsewhere on the Active Directory network?

The client machines in question are all Windows XP Pro SP2
and the Active Directory is on a Windows 2000 server.

Thanks in advance for any help.
 
G

Gautam Anand

yes. On the Machines in question, you can modufy their Local Policy: and
put their names in the Deny Logon Locally user right.

1. on these machines open gpedit.msc
2. Explore to ComputerConfig-Windows Settings-Security Settings-Local
Policies - User Rights Assignment - Deny Logon Locally and add these bunch
of users.
3. You might consider placing these users in a new group and then add that
group to Deny Logon Locally to make things faster to setup

4. Please do consider the implication of putting ppl in a Deny Logon
Locally.
 
H

H2K

Hi bkesting :) ... On Active Directory Users and 'puters, on the User'
Properties, Click the Account Tab and then click the "Log On To...
Button, There select "The following computers" and Add the name of th
'puters to which this particular user will be able to LogOn to


-
H2
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Reinstallin OS 1
Cant access active directory in win XP/win 2003 with a win 2003 PD 4
Restrict Multiple logon in Active directory Domain 5
Active Directroy Client Extension 1
ADUC without adminpak installation 4
installing apps through active directory and group policy editor 3
How to restrict users logging into multiple computers? 1
Exclude accounts from password policy 4

Top