Restricting user/group to a particular server via GP

Guest
Archived from groups: microsoft.public.win2000.group_policy

I would like to restrict a particular user/group to log on to a single machine
on our domain. I figured Group Policy would be the way to do this. I've
been trying to figure out the best way to do this...

Thanks in Advance for your help...

Bill
 
Guest

You can try to use Deny logon locally and Log on locally in

Comp Config\Win Settings\Sec Settings\Local Policies\User Rights Assignment

BR,
Denis

"Bill Goodman" wrote:

> I would like to restrict a particular user/group to logon to a single machine
> on our domain. I figured Group Policy would be the way to do this. I've
> been trying to figure out the best way to do this...
>
> Thanks in Advance for your help...
>
> Bill
 
Guest

And this will work!

For example, I - when testing in the lab - create three OUs (Baseball,
Football and Basketball) for my user account objects and two OUs (WIN2000
and WINXP Pro) for the computer account objects. I create three security
groups (Baseball, Football and Basketball) and play with this setting.
So, if I do not want any of the members of the Baseball security group to be
able to log on to the WINXP Pro machines I use this on the WINXP Pro OU and
lo and behold - the members of the Baseball security group cannot log on
to the WINXP Pro systems!

Cary

"Denis Wong @ Hong Kong" <DenisWongHongKong@discussions.microsoft.com> wrote in message news:69AE49D9-78F5-40BE-950B-FA6DD323313F@microsoft.com...
> You can try to use Deny logon locally and Log on locally in
>
> Comp Config\Win Settings\Sec Settings\Local Policies\User Rights Assignment
>
> BR,
> Denis
>
> "Bill Goodman" wrote:
>
> > I would like to restrict a particular user/group to logon to a single machine
> > on our domain. I figured Group Policy would be the way to do this. I've
> > been trying to figure out the best way to do this...
> >
> > Thanks in Advance for your help...
> >
> > Bill
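
An added example, not part of the original thread: a check of how the two User Rights Assignment settings named above combine on a machine, run against text in the `[Privilege Rights]` format that `secedit /export` writes. `SeInteractiveLogonRight` and `SeDenyInteractiveLogonRight` are the Windows constant names for "Log on locally" and "Deny logon locally". The domain SID, the group and both exports are constructed sample data, and the function names are hypothetical.

```python
# Added example: evaluate "Log on locally" / "Deny logon locally" from a
# secedit-style [Privilege Rights] export. All SIDs below are constructed.
ALLOW = "SeInteractiveLogonRight"      # "Log on locally"
DENY = "SeDenyInteractiveLogonRight"   # "Deny logon locally"

def parse_privilege_rights(inf_text):
    """Return {right: set of principals} from the [Privilege Rights] section."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
            continue
        if in_section and "=" in line:
            name, _, value = line.partition("=")
            # SIDs are written with a leading '*'; account names are bare.
            rights[name.strip()] = {
                p.strip().lstrip("*").lower() for p in value.split(",") if p.strip()
            }
    return rights

def can_log_on_locally(rights, principals):
    """principals: the user's own SID plus the SID of every group it is in."""
    ids = {p.lower() for p in principals}
    if ids & rights.get(DENY, set()):
        return False                    # a deny entry wins over any allow entry
    return bool(ids & rights.get(ALLOW, set()))

# Constructed exports for two machines (hypothetical domain SID and RIDs).
RESTRICTED_GROUP = "S-1-5-21-1111111111-2222222222-3333333333-1105"
ALLOWED_PC = """[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545
"""
OTHER_PC = f"""[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545
SeDenyInteractiveLogonRight = *{RESTRICTED_GROUP}
"""
# A member of the restricted group who is also in the built-in Users group.
MEMBER = {"S-1-5-21-1111111111-2222222222-3333333333-1201",
          RESTRICTED_GROUP, "S-1-5-32-545"}

if __name__ == "__main__":
    for label, text in (("allowed PC", ALLOWED_PC), ("other PC", OTHER_PC)):
        print(label, can_log_on_locally(parse_privilege_rights(text), MEMBER))
```

The deny entry blocks the member on the second machine even though the built-in Users group still holds the allow right there, which is why linking the deny setting to every computer OU except the permitted machine's gives the single-machine restriction asked about.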