Re: Prevent Domain Users from logging on to specific PCs w/ Group Policies

From: Tim Hines [MSFT] (timhines_at_online.microsoft.com)
Date: 11/03/03


Date: Mon, 3 Nov 2003 10:12:36 -0500


There are 2 policy settings that you can use to do this. You can do this using the "logon locally" setting or the "deny logon locally". I've included more information below.

Log on locally
Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment

Description
Determine which users can log on at the computer.

This user right is defined in the Default Domain Controller Group Policy object (GPO) and in the local security policy of workstations and servers.

The default groups that have this right on each platform are:

  * Workstations and Servers
      * Administrators
      * Backup Operators
      * Power Users
      * Users
      * Guest
  * Domain Controllers
      * Account Operators
      * Administrators
      * Backup Operators
      * Print Operators
 Note

To allow a user to log on locally to a domain controller, you have to grant this right by means of the Default Domain Controller GPO.

Related Policies

Deny logon locally

Deny logon locally
Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment

Description
Determines which users are prevented from logging on at the computer. This policy setting supersedes the Log on locally policy setting if an account is subject to both policies.

This user right is defined in the Default Domain Controller Group Policy object (GPO) and in the local security policy of workstations and servers.

By default, there are no accounts denied the ability to log on locally.

-- 
Tim Hines, MCSE, MCSA
 Windows 2000 Directory Services
=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
"David Reed" <dreed@no.spam.please.srdcorp.com> wrote in message news:#2f$grhoDHA.2000@TK2MSFTNGP12.phx.gbl...
> Hi everyone,
> 
> I want to create a Group Policy that I can apply to my personal desktop and
> the servers that I manage (which are NOT DC's), so that only myself and
> other administrators can log on to them (at all).
> 
> Can someone offer a suggestion on how I would go about specifying exactly
> who can and who cannot log into specific MS 2k Pro workstations, as well as
> some MS Windows 2k Servers?
> 
> Thanks,
> 
> David
> 
> -- 
> David Reed
> Network Administrator
> dreed@no.spam.please.srdcorp.com
> 
> 
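
Added example, not part of either post above: a small audit check that reads the [Privilege Rights] section of a security template (the format written by `secedit /export /cfg <file> /areas USER_RIGHTS`) and evaluates the two settings for a given logon token, with deny superseding allow. It assumes the settings appear under their privilege names SeInteractiveLogonRight and SeDenyInteractiveLogonRight; the domain SID, account RIDs and templates are constructed sample data.

```python
ALLOW = "SeInteractiveLogonRight"      # "Log on locally"
DENY = "SeDenyInteractiveLogonRight"   # "Deny logon locally"

# Constructed sample data (made-up domain SID and account RIDs).
DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"
ALLOW_ONLY = """[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-551
"""
ALLOW_PLUS_DENY = ALLOW_ONLY + f"SeDenyInteractiveLogonRight = *{DOMAIN}-513\n"
# Logon tokens: the account's own SID plus the SIDs of its groups.
ADMIN_TOKEN = {f"{DOMAIN}-1104", f"{DOMAIN}-512", f"{DOMAIN}-513", "S-1-5-32-544"}
USER_TOKEN = {f"{DOMAIN}-1105", f"{DOMAIN}-513", "S-1-5-32-545"}


def parse_privilege_rights(inf_text):
    """Return {right_name: set_of_principals} from the [Privilege Rights] section."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
            continue
        if in_section and "=" in line:
            name, _, value = line.partition("=")
            # SIDs are written with a leading '*'; account names are written bare.
            rights[name.strip()] = {m.strip().lstrip("*").lower()
                                    for m in value.split(",") if m.strip()}
    return rights


def can_log_on_locally(rights, token_sids):
    """Return (allowed, matching_allow_entries, matching_deny_entries)."""
    token = {s.lower() for s in token_sids}
    allowed_by = token & rights.get(ALLOW, set())
    denied_by = token & rights.get(DENY, set())
    # Deny supersedes allow when an account is subject to both.
    return bool(allowed_by) and not denied_by, allowed_by, denied_by


if __name__ == "__main__":
    for label, inf in (("allow list only", ALLOW_ONLY),
                       ("allow + deny Domain Users", ALLOW_PLUS_DENY)):
        rights = parse_privilege_rights(inf)
        for who, token in (("admin", ADMIN_TOKEN), ("user", USER_TOKEN)):
            ok, _, denied_by = can_log_on_locally(rights, token)
            print(f"{label:26} {who:5} allowed={ok} denied_by={sorted(denied_by)}")
```

In the second template the administrator's token is refused as well, because that account is also a member of Domain Users (RID 513); removing Users from the allow list restricts ordinary accounts without that side effect.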


