Solved

Cannot access domain through Secpol.

Posted on 2004-09-01
5
272 Views
Last Modified: 2010-03-18
Hi

I want to control which domain users can and can't log on to a certain workstation. I logged onto the workstation as a local administrator and ran the secpol snap-in. I went to Local Policies/User Rights Assignments/log on locally and could see all the local & service accounts, but I could not access the domain - the box was grayed out.

Any ideas?
0
Comment
Question by:Jason210
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 15

Accepted Solution

by:
adamdrayer earned 125 total points
ID: 11952536
are you running Active Directory?  What kind of network is this?

all aspects of domain administration is centralized.  You do not set local security policies to control this.  The user will be logging into the domain, not the local computer, so you need to deny him access to the domain fom that particular machine.  If you are using Active Directory, you can set this in the user properties in Active Directory Users and Computers.

If you are not using AD please specify what OS the domain controller and workstation is running
0
 
LVL 11

Author Comment

by:Jason210
ID: 11952733
Hello

Perfect! I am using AD and I found the security tab where you said it should and bingo.

Thanks!
0
 
LVL 11

Author Comment

by:Jason210
ID: 11952804
Would be obliged if you could tell me in the same column how, once I have found the computer in AD, how I go about restricting certain domain users from logging on to that computer?'

Thanks...
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 11952992

I'm not at a domain right now.  The only way I am sure how to do it is to go to the properties for the USER and click the ACCOUNT tab.  Then Click the "LOG ON TO" button and restrict Computers.

Sorry if you closed out the question too early.  If you would like, I'll post a question in the Windows 2000 forum asking if there is a way to do it by computer.
0
 
LVL 11

Author Comment

by:Jason210
ID: 11956064
Don't worry about my closing the question too early. I'm not at a domain right now either, but I'll go throgh what you said tomorrow and I can't get it to work then I'll repost the question myself-

Thnx
0

Featured Post

The Ultimate Checklist to Optimize Your Website

Websites are getting bigger and complicated by the day. Video, images, custom fonts are all great for showcasing your product/service. But the price to pay in terms of reduced page load times and ultimately, decreased sales, can lead to some difficult decisions about what to cut.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
Come and listen to Percona CEO Peter Zaitsev discuss what’s new in Percona open source software, including Percona Server for MySQL (https://www.percona.com/software/mysql-database/percona-server) and MongoDB (https://www.percona.com/software/mongo-…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question