Group Policy How-To question

Guest
Archived from groups: microsoft.public.win2000.group_policy (More info?)

Does anyone know how I might limit a user's access to logging into a
workstation? We have a large group of users who need to be in our directory
but we do not want them to have the ability to sit down and log in to a
machine on our network. They are external customers and not employees. How
would I allow a webserver to verify them and their rights but not allow them
to log in to a workstation?
 
Guest

There are user rights called logon locally and deny logon locally that can
be used to configure which users can log on to a computer. The deny overrides
any allow permissions. Often it is easier to assign users to groups and then
grant just those groups that you want to be able to log on to the logon
locally user right. You can configure such in Local Security Policy/security
settings/local policies/user rights. For more than a few domain computers you
can configure at the Organizational Unit level after creating a Group Policy
for the OU and moving into the OU those computers on which you want to
restrict who logs on. --- Steve


"Patrick" <Patrick@discussions.microsoft.com> wrote in message
news:656A6798-DF9E-43A9-ADC9-4E6F00D697AB@microsoft.com...
> Does anyone know how I might limit a user's access to logging into a
> workstation? We have a large group of users who need to be in our
> directory but we do not want them to have the ability to sit down and
> log in to a machine on our network. They are external customers and not
> employees. How would I allow a webserver to verify them and their rights
> but not allow them to log in to a workstation?
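
Added example, not part of the original thread: a PowerShell check of the reply's "deny overrides any allow" rule against the `[Privilege Rights]` section that `secedit /export /areas USER_RIGHTS` writes, where `SeInteractiveLogonRight` is "log on locally" and `SeDenyInteractiveLogonRight` is "deny logon locally". The sample export, the `-1601` group SID (standing in for a hypothetical External Customers group) and the function names are constructed for illustration.

```powershell
# Constructed sample of a workstation's exported user rights. On a live machine:
#   secedit /export /cfg "$env:TEMP\rights.inf" /areas USER_RIGHTS
#   $sampleExport = Get-Content "$env:TEMP\rights.inf" -Raw
$sampleExport = @'
[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545
SeDenyInteractiveLogonRight = *S-1-5-21-1111111111-2222222222-3333333333-1601
[Version]
signature="$CHICAGO$"
Revision=1
'@

# Parse the [Privilege Rights] section into right name -> list of SIDs/names.
function Get-PrivilegeRights {
    param([string]$InfText)
    $rights = @{}
    $inSection = $false
    foreach ($line in $InfText -split "`r?`n") {
        $line = $line.Trim()
        if ($line -match '^\[(.+)\]$') {
            $inSection = ($Matches[1] -eq 'Privilege Rights')
            continue
        }
        if ($inSection -and $line -match '^(\w+)\s*=\s*(.*)$') {
            # Entries are comma separated; SIDs carry a leading '*'.
            $rights[$Matches[1]] = @($Matches[2] -split ',' |
                ForEach-Object { $_.Trim().TrimStart('*') } | Where-Object { $_ })
        }
    }
    return $rights
}

# Evaluate local logon for the SIDs in a user's token: deny wins over allow.
function Test-LocalLogon {
    param([hashtable]$Rights, [string[]]$TokenSids)
    $deny  = @($Rights['SeDenyInteractiveLogonRight'])
    $allow = @($Rights['SeInteractiveLogonRight'])
    if ($TokenSids | Where-Object { $deny -contains $_ })  { return 'Denied (deny logon locally)' }
    if ($TokenSids | Where-Object { $allow -contains $_ }) { return 'Allowed' }
    return 'Denied (no allow entry)'
}

$rights = Get-PrivilegeRights $sampleExport
# Customer: builtin Users (S-1-5-32-545) plus the constructed customers group
Test-LocalLogon $rights @('S-1-5-32-545', 'S-1-5-21-1111111111-2222222222-3333333333-1601')
# Employee: builtin Users only
Test-LocalLogon $rights @('S-1-5-32-545')
```

The check compares only the SIDs passed in, so nested group membership has to be expanded into `$TokenSids` before calling it.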
 
Guest

Would configuring the user object with the "Log on to" work? (presuming
there aren't a lot of consultants?)

Ken

"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:eSOAWWnJFHA.3832@TK2MSFTNGP12.phx.gbl...
> There are user rights called logon locally and deny logon locally that
> can be used to configure which users can log on to a computer. The deny
> overrides any allow permissions. Often it is easier to assign users to
> groups and then grant just those groups that you want to be able to log on
> to the logon locally user right. You can configure such in Local Security
> Policy/security settings/local policies/user rights. For more than a few
> domain computers you can configure at the Organizational Unit level after
> creating a Group Policy for the OU and moving into the OU those computers
> on which you want to restrict who logs on. --- Steve
>
>
> "Patrick" <Patrick@discussions.microsoft.com> wrote in message
> news:656A6798-DF9E-43A9-ADC9-4E6F00D697AB@microsoft.com...
>> Does anyone know how I might limit a user's access to logging into a
>> workstation? We have a large group of users who need to be in our
>> directory but we do not want them to have the ability to sit down and
>> log in to a machine on our network. They are external customers and not
>> employees. How would I allow a webserver to verify them and their rights
>> but not allow them to log in to a workstation?
>
>