Restrict users to logon on the particular computer

[Adnan]

Hi,
I have windows Server 2003 as domain controller and i have almost 1000
users in my domain. I want that only few users can logon on my
particular xp machine and all others users should be denied to access
that computer.

Can any body help me to reslove this issue.

 

[Jorge de Almeida Pinto [MVP - DS]]

create group in AD, put everyone in it that should be able to logon to that
machine
then on that particular machine open the local security policy and on the
user rights node remove authenticated users (or everyone or both) from ALLOW
LOGON LOCALLY and put your group in there

this way only member of that group is allowed to logon locally to that
machine

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx

 

[Florian Frommherz [MVP]]

Adnan,

I have windows Server 2003 as domain controller and i have almost 1000
users in my domain. I want that only few users can logon on my
particular xp machine and all others users should be denied to access
that computer.

You can configure the local Group Policy in

CompConf\Windows Settings\Security Settings\Local Policies\User Rights
Assignment\ - Log on locally.

Put users that are allowed to log on at that machine in there. Remove
others. Be sure to not lock yourself out... try to not use the "Deny log
on locally" permission..

cheers,

Florian

 

[Meinolf Weber [MVP-DS]]

Hello Adnan,

You can move your machine to a separate OU and use the Computer configuration,
windows settings, security settings, local policies, user rights assignment,
Allow Logon locally with only the allowed user accounts with a GPO for your
machine.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

 

[Jorge de Almeida Pinto [MVP - DS]]

I would prefer to configure it locally on the computer as it is just one
computer. Creating an OU and GPO just for ONE computer is in my opinion
overkill

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx

 

[Meinolf Weber [MVP-DS]]

Hello Jorge de Almeida Pinto [MVP - DS],

Agreed.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

 

[Jorge de Almeida Pinto [MVP - DS]]

great! ;-)

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------

Hello Jorge de Almeida Pinto [MVP - DS],

Agreed.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm