Solved

Active Directory Login

Posted on 2006-11-08
3
188 Views
Last Modified: 2012-03-15
Hi,

Is their any way, by GPO, to deny AD computer login based on AD group membership? E.g. If a user is a member of group 'Test 1', he/she will not be able to login to a PC with the relevant GPO applied...

Michael
0
Comment
Question by:Barnardos_2LS
  • 2
3 Comments
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 17899029
sure, just deny the logon locally right to members of that group.  Done.

this can be done on the local computer policy of that PC, not neccessarily a GPO.

i'm sure it can be done with a GPO, but the easiest way is the method i mentioned above.

0
 
LVL 1

Author Comment

by:Barnardos_2LS
ID: 17899127
How do i deny through the local computer policy?
0
 
LVL 25

Accepted Solution

by:
mikeleebrla earned 125 total points
ID: 17899217
start>run>MMC to open up the MMC (microsoft management console)
file>add/remove snapin> choose add, then choose Group Policy
then choose the computer you want to manage (if you aren't physically on it alread)
then browse down to computer configuration>windows settings>security settings>local policies>user rights assignment> and then choose deny logon locally....
then put the group in the deny logon locally section and you are done.

MAKE SURE YOU DONT CHOOSE A GROUP THAT INCLUDES EVERYONE OR ELSE NOBODY WILL BE ABLE TO LOG INTO THAT MACHINE

close the MMC (you dont need to save it) the save option saves the MMC settings for later use, not the changes you just made.





0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Elevating Domain functional level 9 122
Best practice DHCP migration 7 67
Windows 2003 domain controller crashed BDC is 2008 server 4 77
Domain Controller FSMO 7 38
So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question