Do not allow other domain user logon to specific workstation

Archived from groups: microsoft.public.win2000.security (More info?)

In our network I wanted to configure on win2k professional workstation such a way only one specific domain user allow to login to domain.
3 answers Last reply
More about domain user logon specific workstation
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    Hi Maha.

    Open the Local Security Policy - secpol.msc and go to security settings/local
    policies/user rights and configure the user right for logon locally to contain what
    users/groups that you need. There is also a deny logon locally user right which
    should be used with care as it will override the logon locally user right for a user
    or group and keep in mind that administrators are in the users and everyone groups.
    Local Security Policy can be overridden by domain/OU policy which would be evidenced
    by effective settings being different than local settings. --- Steve


    "MAHA" <MAHA@discussions.microsoft.com> wrote in message
    news:410D54E3-DD22-44A4-8360-48F1B3F05911@microsoft.com...
    > In our network I wanted to configure on win2k professional workstation such a way
    only one specific domain user allow to login to domain.
    >
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    Thanks Steven,
    My workstation is joined to doamin. I do have local admin rights. I want to stop other domain user logon to domian (not log on locally) from my workstation
    As you said Local Security Policy can be overridden by domain/OU policy becasue of this i gues it is not possible.

    Pls let me know
    Thanks again steven

    "Steven L Umbach" wrote:

    > Hi Maha.
    >
    > Open the Local Security Policy - secpol.msc and go to security settings/local
    > policies/user rights and configure the user right for logon locally to contain what
    > users/groups that you need. There is also a deny logon locally user right which
    > should be used with care as it will override the logon locally user right for a user
    > or group and keep in mind that administrators are in the users and everyone groups.
    > Local Security Policy can be overridden by domain/OU policy which would be evidenced
    > by effective settings being different than local settings. --- Steve
    >
    >
    > "MAHA" <MAHA@discussions.microsoft.com> wrote in message
    > news:410D54E3-DD22-44A4-8360-48F1B3F05911@microsoft.com...
    > > In our network I wanted to configure on win2k professional workstation such a way
    > only one specific domain user allow to login to domain.
    > >
    >
    >
    >
  3. Archived from groups: microsoft.public.win2000.security (More info?)

    Try going into Local Security Policy and configure the user right to logon
    locally to have just administrators and your domain account which may accomplish
    what you want unless there is domain/OU policy configured which by default it is
    not. --- Steve

    "MAHA" <MAHA@discussions.microsoft.com> wrote in message
    news:9225C4E5-DAB5-49CB-9C89-33232C8F8C6D@microsoft.com...
    > Thanks Steven,
    > My workstation is joined to doamin. I do have local admin rights. I want to
    stop other domain user logon to domian (not log on locally) from my
    workstation
    > As you said Local Security Policy can be overridden by domain/OU policy
    becasue of this i gues it is not possible.
    >
    > Pls let me know
    > Thanks again steven
    >
    > "Steven L Umbach" wrote:
    >
    > > Hi Maha.
    > >
    > > Open the Local Security Policy - secpol.msc and go to security
    settings/local
    > > policies/user rights and configure the user right for logon locally to
    contain what
    > > users/groups that you need. There is also a deny logon locally user right
    which
    > > should be used with care as it will override the logon locally user right
    for a user
    > > or group and keep in mind that administrators are in the users and everyone
    groups.
    > > Local Security Policy can be overridden by domain/OU policy which would be
    evidenced
    > > by effective settings being different than local settings. --- Steve
    > >
    > >
    > > "MAHA" <MAHA@discussions.microsoft.com> wrote in message
    > > news:410D54E3-DD22-44A4-8360-48F1B3F05911@microsoft.com...
    > > > In our network I wanted to configure on win2k professional workstation
    such a way
    > > only one specific domain user allow to login to domain.
    > > >
    > >
    > >
    > >
Ask a new question

Read More

Domain Workstations Microsoft Windows