Re: How to restrict some users to log in?
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Mon, 16 Oct 2006 16:20:51 -0700
The most simple and direct way to do this is to take control over either
the user right to Log on locally, or, the membership of the Users group,
on each machine. You can do either using a GPO linked to the OU that
contains the affected machines (in your case you may want to consider
a minor reorganization so that there is an OU for computers of each lab,
likely as a subOU within the current OU)
You need to be very careful that Authenticated Users and/or Domain
Users are not granted the local login user right, either directly or via
membership in Users (if Users is given that user right)
--
Roger Abell
Microsoft MVP (Windows Server : Security)
"Harvey" <Harvey@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4FA1A0D9-B9CF-4684-9627-CCA2B73D2029@xxxxxxxxxxxxxxxx
We have a Win 2003 domain that has several OUs. Each OU has several
user-groups for different Labs -- for security issues, e.g. file sharing,
printer sharing etc. Currently, all users in a OU can login to any
computer
that
belongs to that OU (not neccessary in the same Lab). Now, a director of a
lab
asks me if there is a way to allow only users in his lab be able to log in
to his lab's computers. That is only one group of users can log in some
computers, but other user-groups cannot log in those computers even they
are
in the same OU. Is it possible to do this? How to do it?
Any help or link is greatly appreciated!
Harvey
.
- Prev by Date: Re: Necessity for Certificate Services Web Site
- Next by Date: So why not use full disk encryption on laptops?
- Previous by thread: Re: Windows 2003 R2 not included in October Releases?
- Next by thread: So why not use full disk encryption on laptops?
- Index(es):
Relevant Pages
|
