Solved

Cannot access domain through Secpol.

Posted on 2004-09-01
5
263 Views
Last Modified: 2010-03-18
Hi

I want to control which domain users can and can't log on to a certain workstation. I logged onto the workstation as a local administrator and ran the secpol snap-in. I went to Local Policies/User Rights Assignments/log on locally and could see all the local & service accounts, but I could not access the domain - the box was grayed out.

Any ideas?
0
Comment
Question by:Jason210
  • 3
  • 2
5 Comments
 
LVL 15

Accepted Solution

by:
adamdrayer earned 125 total points
ID: 11952536
are you running Active Directory?  What kind of network is this?

all aspects of domain administration is centralized.  You do not set local security policies to control this.  The user will be logging into the domain, not the local computer, so you need to deny him access to the domain fom that particular machine.  If you are using Active Directory, you can set this in the user properties in Active Directory Users and Computers.

If you are not using AD please specify what OS the domain controller and workstation is running
0
 
LVL 11

Author Comment

by:Jason210
ID: 11952733
Hello

Perfect! I am using AD and I found the security tab where you said it should and bingo.

Thanks!
0
 
LVL 11

Author Comment

by:Jason210
ID: 11952804
Would be obliged if you could tell me in the same column how, once I have found the computer in AD, how I go about restricting certain domain users from logging on to that computer?'

Thanks...
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 11952992

I'm not at a domain right now.  The only way I am sure how to do it is to go to the properties for the USER and click the ACCOUNT tab.  Then Click the "LOG ON TO" button and restrict Computers.

Sorry if you closed out the question too early.  If you would like, I'll post a question in the Windows 2000 forum asking if there is a way to do it by computer.
0
 
LVL 11

Author Comment

by:Jason210
ID: 11956064
Don't worry about my closing the question too early. I'm not at a domain right now either, but I'll go throgh what you said tomorrow and I can't get it to work then I'll repost the question myself-

Thnx
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Is this network design suitable? 3 99
Increase size of DHCP scope? 16 111
Network Switch Connections 8 68
Password recovery software 4 38
Have you ever set up your wireless router at home or in the office to find that you little pop-up bubble in the bottom right-hand corner of Windows read "IP Conflict - One of more computers on the network have been assigned the following IP address"…
The Need In an Active Directory enviroment, the PDC emulator provide time synchronization for the domain. This is important since Active Directory uses Kerberos for authentication.  By default, if the time difference between systems is off by more …
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

680 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question