Do not allow other domain user logon to specific workstation

Anonymous
July 31, 2004 11:05:01 AM

Archived from groups: microsoft.public.win2000.security

In our network I wanted to configure a Win2k Professional workstation in such a way that only one specific domain user is allowed to log in to the domain.
Anonymous
July 31, 2004 10:38:03 PM

Hi Maha.

Open the Local Security Policy - secpol.msc and go to security settings/local
policies/user rights and configure the user right for logon locally to contain what
users/groups that you need. There is also a deny logon locally user right which
should be used with care as it will override the logon locally user right for a user
or group and keep in mind that administrators are in the users and everyone groups.
Local Security Policy can be overridden by domain/OU policy which would be evidenced
by effective settings being different than local settings. --- Steve


"MAHA" <MAHA@discussions.microsoft.com> wrote in message
news:410D54E3-DD22-44A4-8360-48F1B3F05911@microsoft.com...
> In our network I wanted to configure a Win2k Professional workstation in such a way
> that only one specific domain user is allowed to log in to the domain.
Anonymous
August 1, 2004 9:43:01 AM

Thanks Steven,
My workstation is joined to the domain. I do have local admin rights. I want to stop other domain users from logging on to the domain (not logging on locally) from my workstation.
As you said, Local Security Policy can be overridden by domain/OU policy; because of this I guess it is not possible.

Please let me know.
Thanks again, Steven

"Steven L Umbach" wrote:

> Hi Maha.
>
> Open the Local Security Policy - secpol.msc and go to security settings/local
> policies/user rights and configure the user right for logon locally to contain what
> users/groups that you need. There is also a deny logon locally user right which
> should be used with care as it will override the logon locally user right for a user
> or group and keep in mind that administrators are in the users and everyone groups.
> Local Security Policy can be overridden by domain/OU policy which would be evidenced
> by effective settings being different than local settings. --- Steve
Anonymous
August 2, 2004 4:23:34 AM

Try going into Local Security Policy and configure the user right to logon
locally to have just administrators and your domain account which may accomplish
what you want unless there is domain/OU policy configured which by default it is
not. --- Steve

"MAHA" <MAHA@discussions.microsoft.com> wrote in message
news:9225C4E5-DAB5-49CB-9C89-33232C8F8C6D@microsoft.com...
> Thanks Steven,
> My workstation is joined to the domain. I do have local admin rights. I want to
> stop other domain users from logging on to the domain (not logging on locally)
> from my workstation.
> As you said, Local Security Policy can be overridden by domain/OU policy;
> because of this I guess it is not possible.
>
> Please let me know.
> Thanks again, Steven
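
Added example (not part of the original thread): a Python check over the `[Privilege Rights]` section of a `secedit /export /cfg rights.inf /areas USER_RIGHTS` file, showing how "deny logon locally" overrides "logon locally" and how a deny on a broad group also catches administrators. The sample INF, the `S-1-5-21-1111-2222-3333-*` SIDs and the `TOKENS` membership map are constructed for illustration.

```python
ALLOW = "SeInteractiveLogonRight"      # "Log on locally"
DENY = "SeDenyInteractiveLogonRight"   # "Deny logon locally"

# Constructed sample export (real exports are UTF-16; decode before parsing).
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-21-1111-2222-3333-1105
SeDenyInteractiveLogonRight = *S-1-5-32-545
"""

# Constructed membership: principal -> SIDs in its token (own SID plus groups).
TOKENS = {
    "local Administrator": {"S-1-5-32-544", "S-1-5-32-545", "S-1-1-0"},
    "DOMAIN\\maha": {"S-1-5-21-1111-2222-3333-1105", "S-1-5-32-545", "S-1-1-0"},
    "DOMAIN\\other": {"S-1-5-21-1111-2222-3333-1106", "S-1-5-32-545", "S-1-1-0"},
}

def parse_rights(inf_text):
    """Return {right name: set of SIDs} from the [Privilege Rights] section."""
    rights, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "privilege rights" and "=" in line:
            name, _, value = line.partition("=")
            sids = {v.strip().lstrip("*") for v in value.split(",") if v.strip()}
            rights[name.strip()] = sids
    return rights

def can_logon_locally(token_sids, rights):
    # A match on the deny right wins over any match on the allow right.
    allowed = token_sids & rights.get(ALLOW, set())
    denied = token_sids & rights.get(DENY, set())
    return bool(allowed) and not denied

def audit(inf_text, tokens, expected):
    """Return (expected principals locked out, unexpected principals allowed)."""
    rights = parse_rights(inf_text)
    result = {who: can_logon_locally(sids, rights) for who, sids in tokens.items()}
    locked_out = sorted(w for w in expected if not result[w])
    unexpected = sorted(w for w, ok in result.items() if ok and w not in expected)
    return locked_out, unexpected

if __name__ == "__main__":
    print(audit(SAMPLE_INF, TOKENS, {"local Administrator", "DOMAIN\\maha"}))
```

Running the same audit against an export taken after a policy refresh shows whether domain/OU policy has replaced the local setting.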