Sign in with
Sign up | Sign in
Your question

limit domain user login to specific group on 2 xp machines

Last response: in Windows 2000/NT
Share
Anonymous
September 12, 2005 1:30:43 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

All,

I am trying to limit domain usage on a couple of computers in a
computer "lab" setting. I would like to have a specific domain group
(group x) login to two student machines in this lab setting. This group
(other than admins) should be the only people to be able to do this.

I have tried a fix I read about in another posting that had me deleting
the "domain users account under the "users" group in "groups" from
managing "local users and groups" in the "computer management" console,
and replacing with the specific user(s) from the domain, it did not
work, and I am not sure why (I even deleted all exisiting domain
profiles).

Any Ideas?

Thanks in advance,

-Patrick Montag
Anonymous
September 12, 2005 3:56:33 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Try setting the local security policy setting
Local Policies-User Rights Assignments-Log on Locally
set this to the AD group/groups you created.
Anonymous
September 13, 2005 2:21:29 AM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

By default, members of the local groups, Administrators, Backup Operators,
Power Users, Users and Guest (if its enabled) can logon locally. Perhaps
the users you don't want to be able to logon locally are members of another
of these groups besides Users.

You can control who can logon locally using the Group Policy settings in
Computer Configuration
Windows Settings
Security Settings
Local Policies
User Rights Assignment
Allow log on locally
and
Deny log on locally

Remember that "deny" supercedes "allow", so if a particular user gets both
Allow and Deny (e.g. by being members of several groups), they won't be able
to log on locally.

--
Bruce Sanderson MVP Printing
http://members.shaw.ca/bsanders

It is perfectly useless to know the right answer to the wrong question.



"Patrick" <pat.montag@gmail.com> wrote in message
news:1126542642.999601.297590@o13g2000cwo.googlegroups.com...
> All,
>
> I am trying to limit domain usage on a couple of computers in a
> computer "lab" setting. I would like to have a specific domain group
> (group x) login to two student machines in this lab setting. This group
> (other than admins) should be the only people to be able to do this.
>
> I have tried a fix I read about in another posting that had me deleting
> the "domain users account under the "users" group in "groups" from
> managing "local users and groups" in the "computer management" console,
> and replacing with the specific user(s) from the domain, it did not
> work, and I am not sure why (I even deleted all exisiting domain
> profiles).
>
> Any Ideas?
>
> Thanks in advance,
>
> -Patrick Montag
>
!