Cannot access domain through Secpol.

Posted on 2004-09-01
Medium Priority
Last Modified: 2010-03-18

I want to control which domain users can and can't log on to a certain workstation. I logged onto the workstation as a local administrator and ran the secpol snap-in. I went to Local Policies/User Rights Assignments/log on locally and could see all the local & service accounts, but I could not access the domain - the box was grayed out.

Any ideas?
Question by:Jason210
  • 3
  • 2
LVL 15

Accepted Solution

adamdrayer earned 500 total points
ID: 11952536
are you running Active Directory?  What kind of network is this?

all aspects of domain administration is centralized.  You do not set local security policies to control this.  The user will be logging into the domain, not the local computer, so you need to deny him access to the domain fom that particular machine.  If you are using Active Directory, you can set this in the user properties in Active Directory Users and Computers.

If you are not using AD please specify what OS the domain controller and workstation is running
LVL 11

Author Comment

ID: 11952733

Perfect! I am using AD and I found the security tab where you said it should and bingo.

LVL 11

Author Comment

ID: 11952804
Would be obliged if you could tell me in the same column how, once I have found the computer in AD, how I go about restricting certain domain users from logging on to that computer?'

LVL 15

Expert Comment

ID: 11952992

I'm not at a domain right now.  The only way I am sure how to do it is to go to the properties for the USER and click the ACCOUNT tab.  Then Click the "LOG ON TO" button and restrict Computers.

Sorry if you closed out the question too early.  If you would like, I'll post a question in the Windows 2000 forum asking if there is a way to do it by computer.
LVL 11

Author Comment

ID: 11956064
Don't worry about my closing the question too early. I'm not at a domain right now either, but I'll go throgh what you said tomorrow and I can't get it to work then I'll repost the question myself-


Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Greetings, Experts! First let me state that this website is top notch. I thoroughly enjoy the community that is shared here; those seeking help and those willing to sacrifice their time to help. It is fantastic. I am writing this article at th…
Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Watch the video to know how one can repair corrupt Exchange OST file effortlessly and convert OST emails to MS Outlook PST file format by using Kernel for OST to PST converter tool. It can convert OST to MSG, MBOX, EML to access them. It can migrate…

600 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question