Re: question about log on to a group of computer

From: Miha Pihler [MVP] (mihap-news_at_atlantis.si)
Date: 11/16/05 

Date: Wed, 16 Nov 2005 08:24:12 +0100

Hi,

Use "Allow log on locally" policy on the computers (e.g. local policy on
group policy if these computers are part of Active Directory).

In this case only GrpSales would have "Allow log on locally" permission on
the computer in SalesComputer.

Policy is located here Computer Configuration\Windows Settings\Security
Settings\Local Policies\User Rights Assignment\

Here is the description of the policy...

Allow log on locally
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/15744f9c-e188-4fac-ac60-9380a58b30ae.mspx

Note: be careful with Deny log on locally (and other Deny policies) since
you can lock yourself out from the computer if you are not careful.

Note: by default Users group will have permissions to log on locally. If
this computer is member of domain you have to remove Users from this
policy... 

-- 
Mike
Microsoft MVP - Windows Security
"djtony" <djtonyyyyyyyyyyyyyyyyy@i-cable.com> wrote in message 
news:%23ZRpoDn6FHA.3760@TK2MSFTNGP14.phx.gbl...
> hi all,
>
> how can i setup the security for the following case ?
>
> CompanyXYZ have 2 working locations -- AreaSales and AreaAccount.
> 40 computers located in AreaSales. 40 computers located in AreaAccount.
> DomainXYZ have 2 Groups -- GrpSales and GrpAccount
>
> how can i permit the GrpSales user to access SalesCompter only but no
> AccountComputer??
> and permit the GrpAccount user to access AccountComputer only but no
> SalesComputer ??
>
> thanks
>
> tony
>
>

Relevant Pages

  • Re: Reinstall everytime assigned applications through GPO on start
    ... Software installation extension has been called for background policy refresh ... Stations - R&D Software (EMEA computers). ... Stations - R&D Software (EMEA computers) is set for installation because it ... The assignment of application Remote Administrator v2.1 from policy Software ...
    (microsoft.public.windows.group_policy)
  • Re: better way to limit users/group to logon to specific workstati
    ... You can still do it in policy, ... logon locally setting, and apply it to all computers except the ones you ... Workstations" attribute - applying to the user accounts ...
    (microsoft.public.windows.group_policy)
  • Re: Remote Desktop thru VPN and Network Security
    ... You can use Remote Access Policies to configure exactly what users can ... access via their VPN connection. ... If you create a policy you can then edit ... infection if users are copying files back and forth between computers. ...
    (microsoft.public.windows.terminal_services)
  • Re: Remote Desktop thru VPN and Network Security
    ... You can use Remote Access Policies to configure exactly what users can ... access via their VPN connection. ... If you create a policy you can then edit ... infection if users are copying files back and forth between computers. ...
    (microsoft.public.security)
  • Re: Remote Desktop thru VPN and Network Security
    ... You can use Remote Access Policies to configure exactly what users can ... access via their VPN connection. ... If you create a policy you can then edit ... infection if users are copying files back and forth between computers. ...
    (microsoft.public.windowsxp.security_admin)