Restricting a user from logging onto a particular computer

Discussion in 'General Microsoft Certifications' started by thetokyoproject, Aug 21, 2008.

  1. thetokyoproject

    thetokyoproject Byte Poster

    187
    20
    22
    I was wondering if there was another way of restricting a domain user from loggin onto a particular PC apart from using group policy?

    Also if GP is the only way, can we do it through local machine GP or does it have to be a domain GP?

    Cheers.
     
    Certifications: 271
  2. Arroryn

    Arroryn we're all dooooooomed Moderator

    4,015
    193
    209
    Hi TTP. From what I'm assuming (from what I know) in a 2K3 domain you can lock down in AD under 'profile' and lock down from there a user account from logging in to a certain PC? Will expand on this when I'm not replying from my Blackberry!
     
    Certifications: A+, N+, MCDST, 70-410, 70-411
    WIP: Modern Languages BA
  3. Luddym

    Luddym Megabyte Poster

    797
    19
    74
    Hi,

    In AD, on the users properties, click on the account tab, then theres a box to choose 'log on to'.

    EDIT : Sorry, I've never done this via Group Policy, so not sure exactly if it can be done there.
     
    Certifications: VCP,A+, N+, MCSA, MCSE
    WIP: Christmas Drunkard
  4. thetokyoproject

    thetokyoproject Byte Poster

    187
    20
    22

    yea, there's log onto particular machines or all machiens, but i need log onto all but one machine - there's no deny function...

    so the answer's prob in GP then.
     
    Certifications: 271
  5. Luddym

    Luddym Megabyte Poster

    797
    19
    74
    Sorry, completely misread the situation then....

    Edit your GPO and look at... Computer Configuration / Windows Settings / Security Settings / Local Policies / User Right Assignment. There's a setting for 'log on locally.'

    This settings explanation...

    Does this help?
     
    Certifications: VCP,A+, N+, MCSA, MCSE
    WIP: Christmas Drunkard
  6. Amine

    Amine Byte Poster

    133
    4
    20
    Hello,

    there is a couple of ways to achieve this...remove the domain users from the local users group...downside to doing this that it will stop nearly everyone logging to that particular computer / use a group policy by placing the computer that you dont want the user logging to into it's own OU and apply a GPO using the restricted group option...

    Hope this helps
     
    WIP: Exchange

Share This Page

Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.