Re: Control User Access in SBS2000 Domain

From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 10/01/05 

Date: Sat, 1 Oct 2005 12:55:29 -0500

What error message do they get or what exactly happens?? I would open Local
Security Policy on those computers and check the user right for logon
locally and deny logon locally [for Windows 2000 look at the effective
setting] to see if it is what you expect in that the users are listed or a
global group they are in is listed for allow logon locally. Keep in mind
that deny logon locally overrides the allow logon locally user rights so any
entries in that user right such as users could be causing the problem. User
rights are part of "computer" configuration and there is a distinct
difference between a group and OU. Normally [loopback processing is the
exception] if you have linked a GPO to an OU the users or computers that
you want the GPO settings top apply to must be in that OU or possibly child
OU of that OU. While the domain container is not called an OU it can be
thought of as the root OU for the domain when planning Group Policy. ---
Steve

"Todd" <Todd@basicitsupport.com.NOSPAM> wrote in message
news:3358E090-D0F0-49E5-A51A-8DD596365A76@microsoft.com...
>I have a group (OU) which needs to be limited to using only three computers
> in the domain (two of which are XP Professional) I have a group policy
> that
> limites what they can do (i.e.: they can not access the control panel or
> the
> shut down button), and this works fine, but at they can't log on to the
> two
> new XP Professional computers which have been added to the domain
> specifically for their use. Does anyone have any idea of how I can fix
> this?
>
> Thanks for all of you help
> Todd