GP question

Discussion in 'Windows Server 2003 / 2008 / 2012 / 2016' started by mcbro, Apr 4, 2010.

  1. mcbro

    mcbro Byte Poster

    136
    0
    23
    I'm trying to recreate the AD set-up at my work in my virtual lab.

    At work we have an Orphaned Computers OU into which any new PCs added to the domain join.
    I've created the OU and set it as the default for new computer accounts using redircmp.exe.

    But now I want to deny the ability to logon interactively to any PC in that OU. Any ideas on the correct GP setting?
     
    Certifications: MCITP:EA, CCNA
  2. Kitkatninja
    Highly Decorated Member Award 500 Likes Award

    Kitkatninja aka me, myself & I Moderator

    11,140
    555
    383
    Do you mean something along the lines of:

    (in a GPO)

    Computer Configuration -> Polices -> Windows Settings -> Security Settings -> Local Polices -> User Assign Rights

    "Allow log on locally"
    "Allow log on through Remote Desktop Services"
    "Deny log on locally"
    "Deny log on through Remote Desktop Services"

    -Ken

    p.s. I'm using a Window 2008 r2 domain/forest, can't remember if all those options are there in other versions.
     
    Last edited: Apr 4, 2010
    Certifications: MSc, PGDip, PGCert, BSc, HNC, LCGI, MBCS CITP, MCP, MCSA, MCSE, MCE, A+, N+, S+, Server+
    WIP: MSc Cyber Security
  3. mcbro

    mcbro Byte Poster

    136
    0
    23
    So i was looking in the right place.
    I got thrown by the word "locally" which i took to mean a local user account.
    How would you apply the GPO? User and group wise.
     
    Certifications: MCITP:EA, CCNA
  4. xmojo

    xmojo Nibble Poster

    89
    1
    5
    Apply the GPO to the Orphaned Computers OU only. You want to change the setting in the Computer Configuration and not the User Configuration for the GPO. Anyone attempting to log on to any computer in that OU will not be able to do so interactively.
     
    Last edited: Apr 5, 2010

Share This Page

Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.