Sign in with
Sign up | Sign in
Your question

workstation login restrictions

Last response: in Windows 2000/NT
Share
Anonymous
July 18, 2005 12:09:04 PM

Archived from groups: microsoft.public.win2000.security (More info?)

I know that AD will allow me to restrict a user access to only specified pcs
by adding the pcs to the allowed list. Is there a way that I can restrict all
unauthorized users to a specific pc. I need restrict login access to users on
a couple of desktops.

Thanks

Kevin
Anonymous
July 18, 2005 12:22:48 PM

Archived from groups: microsoft.public.win2000.security (More info?)

You should take control over the setting for the Log on locally and/or
Deny log on locally User Right on all of your machines.
There is no setting to state, if a user is not one of (a, b, c, ...) then
allow logon only at machine (x, y, z ...) directly, but with use of
a domain group that controls the machines' Log on locally User Right
this is simply done.

--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"Kevin" <Kevin@discussions.microsoft.com> wrote in message
news:AB568BE8-8D84-428E-ACA4-74F0BBE0B0BF@microsoft.com...
> I know that AD will allow me to restrict a user access to only specified
pcs
> by adding the pcs to the allowed list. Is there a way that I can restrict
all
> unauthorized users to a specific pc. I need restrict login access to users
on
> a couple of desktops.
>
> Thanks
>
> Kevin
Anonymous
July 18, 2005 2:25:19 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Sure. Configure the user right for logon locally and deny logon locally for
your needs. Keep in mind that lack of a user right/permission is an implicit
deny, deny overrides allow, and administrators are also members of the users
and everyone groups. For a couple of computers you can use Local Security
Policy - security settings/local policies/user rights. --- Steve


"Kevin" <Kevin@discussions.microsoft.com> wrote in message
news:AB568BE8-8D84-428E-ACA4-74F0BBE0B0BF@microsoft.com...
>I know that AD will allow me to restrict a user access to only specified
>pcs
> by adding the pcs to the allowed list. Is there a way that I can restrict
> all
> unauthorized users to a specific pc. I need restrict login access to users
> on
> a couple of desktops.
>
> Thanks
>
> Kevin
Anonymous
July 18, 2005 3:12:02 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Thanks I will try this

"Steven L Umbach" wrote:

> Sure. Configure the user right for logon locally and deny logon locally for
> your needs. Keep in mind that lack of a user right/permission is an implicit
> deny, deny overrides allow, and administrators are also members of the users
> and everyone groups. For a couple of computers you can use Local Security
> Policy - security settings/local policies/user rights. --- Steve
>
>
> "Kevin" <Kevin@discussions.microsoft.com> wrote in message
> news:AB568BE8-8D84-428E-ACA4-74F0BBE0B0BF@microsoft.com...
> >I know that AD will allow me to restrict a user access to only specified
> >pcs
> > by adding the pcs to the allowed list. Is there a way that I can restrict
> > all
> > unauthorized users to a specific pc. I need restrict login access to users
> > on
> > a couple of desktops.
> >
> > Thanks
> >
> > Kevin
>
>
>
!