Re: Deny Logon Locally

From: Justus (justus@dotcool.com)
Date: 08/05/02


From: "Justus" <justus@dotcool.com>
Date: Mon, 5 Aug 2002 11:03:15 -0400


Do you have another suggestion I could use with Group Policy?
"Ben Smith [MS]" <bensmi@microsoft.com> wrote in message
news:MPG.17b5b8ea8890b1f1989986@msnews.microsoft.com...
> In article <aibcvi$12tirk$1@ID-56130.news.dfncis.de>, Justus
> (justus@dotcool.com) writes...
> > I will be following the other 2 suggestions on removing local users but
> > would also like to add all together deny local users logon. Would I set that
> > in the Local Security Policy for each computer under User Rights Deny logon
> > locally or on a DC under Domain Policy user rights?
> > -Justus
> > "Jim Campau (A+ MCSE)" <Jim_Campau@bausch.com> wrote in message
> > news:#mqJawNOCHA.2576@tkmsftngp08...
> > > You can set the local logon rights to anyone or any group you want. This does
> > > not affect network logon rights.
> > >
> > > "Justus" <justus@dotcool.com> wrote in message
> > > news:ai9k8b$12aakk$1@ID-56130.news.dfncis.de...
> > > > If I am using AD and want my users to have to log on to the domain and
> > > > not log on to their computer locally, is there something I can implement in a
> > > > domain policy or group policy? I was reading about deny log on locally
> > > > but was not sure if that prevented from logging on to the machine all
> > > > together. I don't want any of my users using any local users for the computers,
> > > > only logging on through the domain. What is the best way to implement this?
> > > > Some of the users already have administrator accounts locally so they know how
> > > > to create new local accounts. Any help or suggestions would be appreciated.
> > > > -Thanks
> > > > Justus
>
> Revoking the right to log on locally will prohibit any interactive
> logon, regardless of where the user's credentials are validated.
>
> --
> Ben Smith
> Microsoft Training and Certification
> Are you secure? http://www.microsoft.com/security
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
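
An added example, not part of the original thread: a small audit of an exported user-rights file (`secedit /export /cfg <file> /areas USER_RIGHTS`) that flags "Deny logon locally" entries which would also block domain users, since the right applies to every interactive logon. The function names and the sample export (including the domain SID) are constructed for illustration.

```python
import re

# Well-known SIDs that cover ordinary domain users. "Deny logon locally" on any
# of these blocks every interactive logon, domain accounts included.
BROAD_SIDS = {
    "S-1-1-0": "Everyone",
    "S-1-5-11": "Authenticated Users",
    "S-1-5-4": "INTERACTIVE",
    "S-1-5-32-545": "BUILTIN\\Users",
}
DOMAIN_USERS = re.compile(r"^S-1-5-21-\d+-\d+-\d+-513$")  # RID 513 = Domain Users

# Constructed sample of a user-rights export (made-up domain SID).
# Assumption: a real export is normally UTF-16, so read it with encoding="utf-16".
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545
SeDenyInteractiveLogonRight = *S-1-5-32-546,*S-1-5-21-1111111111-2222222222-3333333333-513
[Version]
signature="$CHICAGO$"
"""

def parse_privilege_rights(text):
    """Return {right name: [SID or account name, ...]} from [Privilege Rights]."""
    rights, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line:
            name, _, members = line.partition("=")
            rights[name.strip()] = [m.strip().lstrip("*")
                                    for m in members.split(",") if m.strip()]
    return rights

def audit_deny_logon_locally(text):
    """Flag deny entries that lock out domain users or that override an allow entry."""
    rights = parse_privilege_rights(text)
    allow = set(rights.get("SeInteractiveLogonRight", []))
    findings = []
    for sid in rights.get("SeDenyInteractiveLogonRight", []):
        if sid in BROAD_SIDS or DOMAIN_USERS.match(sid):
            findings.append(("blocks-domain-users", BROAD_SIDS.get(sid, "Domain Users"), sid))
        if sid in allow:  # deny takes precedence over "Log on locally"
            findings.append(("deny-overrides-allow", sid, sid))
    return findings

if __name__ == "__main__":
    for finding in audit_deny_logon_locally(SAMPLE_INF):
        print(finding)
```

Run it against the export from a workstation that receives the GPO to confirm the effective setting denies only the accounts intended.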


