?
Solved

Cannot access domain through Secpol.

Posted on 2004-09-01
5
Medium Priority
?
274 Views
Last Modified: 2010-03-18
Hi

I want to control which domain users can and can't log on to a certain workstation. I logged onto the workstation as a local administrator and ran the secpol snap-in. I went to Local Policies/User Rights Assignments/log on locally and could see all the local & service accounts, but I could not access the domain - the box was grayed out.

Any ideas?
0
Comment
Question by:Jason210
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 15

Accepted Solution

by:
adamdrayer earned 500 total points
ID: 11952536
are you running Active Directory?  What kind of network is this?

all aspects of domain administration is centralized.  You do not set local security policies to control this.  The user will be logging into the domain, not the local computer, so you need to deny him access to the domain fom that particular machine.  If you are using Active Directory, you can set this in the user properties in Active Directory Users and Computers.

If you are not using AD please specify what OS the domain controller and workstation is running
0
 
LVL 11

Author Comment

by:Jason210
ID: 11952733
Hello

Perfect! I am using AD and I found the security tab where you said it should and bingo.

Thanks!
0
 
LVL 11

Author Comment

by:Jason210
ID: 11952804
Would be obliged if you could tell me in the same column how, once I have found the computer in AD, how I go about restricting certain domain users from logging on to that computer?'

Thanks...
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 11952992

I'm not at a domain right now.  The only way I am sure how to do it is to go to the properties for the USER and click the ACCOUNT tab.  Then Click the "LOG ON TO" button and restrict Computers.

Sorry if you closed out the question too early.  If you would like, I'll post a question in the Windows 2000 forum asking if there is a way to do it by computer.
0
 
LVL 11

Author Comment

by:Jason210
ID: 11956064
Don't worry about my closing the question too early. I'm not at a domain right now either, but I'll go throgh what you said tomorrow and I can't get it to work then I'll repost the question myself-

Thnx
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Downtime reduced, data recovered by utilizing an Experts Exchange Business Account Challenge The United States Marine Corps employs more than 200,000 active-duty Marines with operations in four continents, all requiring complex networking system…
Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question