Archived from groups: microsoft.public.win2000.group_policy (More info?)
Hi,
I have a windows 2000 domain controller. I have a bunch of win2k and
winxp computers as part of the domain.
Currently, each user is a part of their local administrator group on
their own machine (domain admin users are also part of the local
administrator group).
What I am trying to do is set up the network so that only people that
are part of the local administrator group on a particular box as
permitted to log in. I was able to figure out how to make this work
for local users, however, I could not make it work for domain users.
ex. computer name: Computer1
local account: localuser1
local account: localuser2
local account: administrator
The domain has the following user accounts.
domain account: domainaccount1
domain account: domainaccount2
Administrator Group on local machine has the following members:
localuser1
domainuser1
domainadmins
administrator
So, what I would like a policy that would meet the following
requirements:
1. localuser1 can login
2. localuser2 can not login
3. domainuser1 can login
4. domainuser2 can not login.
If someone could help me with this I would really appriciate it. I am
trying to prevent users from loging into other peoples workstations in
an attemt to evade security etc.
Thank you again,
Peter
Hi,
I have a windows 2000 domain controller. I have a bunch of win2k and
winxp computers as part of the domain.
Currently, each user is a part of their local administrator group on
their own machine (domain admin users are also part of the local
administrator group).
What I am trying to do is set up the network so that only people that
are part of the local administrator group on a particular box as
permitted to log in. I was able to figure out how to make this work
for local users, however, I could not make it work for domain users.
ex. computer name: Computer1
local account: localuser1
local account: localuser2
local account: administrator
The domain has the following user accounts.
domain account: domainaccount1
domain account: domainaccount2
Administrator Group on local machine has the following members:
localuser1
domainuser1
domainadmins
administrator
So, what I would like a policy that would meet the following
requirements:
1. localuser1 can login
2. localuser2 can not login
3. domainuser1 can login
4. domainuser2 can not login.
If someone could help me with this I would really appriciate it. I am
trying to prevent users from loging into other peoples workstations in
an attemt to evade security etc.
Thank you again,
Peter