top_rung
asked on
Domain and workstation security
In a 2000 active directory, domain setup, what is the proper way to restirict specific domain users from logging into specific workstations (WS).
Currently, any domain user can log into any WS that is on the domain. When that user logs into a WS, it creates that profile on the WS (e.g. user.domain.int).
On one machinne, i want to specify which domain users can log into it.
Thank you
Currently, any domain user can log into any WS that is on the domain. When that user logs into a WS, it creates that profile on the WS (e.g. user.domain.int).
On one machinne, i want to specify which domain users can log into it.
Thank you
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
another note.. under the Log on Locally policy these are listed:
Guest, Administrators, User, Power Users, Backup Operators.
Guest, Administrators, User, Power Users, Backup Operators.
ASKER
I removed Guest on the WS, and that did it. Anything else worth noting???
ASKER
Correction: Remove USERS and it prevents other users from loggin in. Removing "Guests" still allows them to log in.
You have to specifically add the account that you want to allow. Add the actual user account and then you can remove the user group. Then only the specific user that you have added can log on.
ASKER
I assume it is witihn Local Policies>User Rights Assignments ?? ANd also, are there multiple policies that must be adjusted? I have noticed in the past, that it can take modification of more than one particular policy to achieve one goal.
Thank you very much!