Solved

Active Directory Login

Posted on 2006-11-08
3
191 Views
Last Modified: 2012-03-15
Hi,

Is their any way, by GPO, to deny AD computer login based on AD group membership? E.g. If a user is a member of group 'Test 1', he/she will not be able to login to a PC with the relevant GPO applied...

Michael
0
Comment
Question by:Barnardos_2LS
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 17899029
sure, just deny the logon locally right to members of that group.  Done.

this can be done on the local computer policy of that PC, not neccessarily a GPO.

i'm sure it can be done with a GPO, but the easiest way is the method i mentioned above.

0
 
LVL 1

Author Comment

by:Barnardos_2LS
ID: 17899127
How do i deny through the local computer policy?
0
 
LVL 25

Accepted Solution

by:
mikeleebrla earned 125 total points
ID: 17899217
start>run>MMC to open up the MMC (microsoft management console)
file>add/remove snapin> choose add, then choose Group Policy
then choose the computer you want to manage (if you aren't physically on it alread)
then browse down to computer configuration>windows settings>security settings>local policies>user rights assignment> and then choose deny logon locally....
then put the group in the deny logon locally section and you are done.

MAKE SURE YOU DONT CHOOSE A GROUP THAT INCLUDES EVERYONE OR ELSE NOBODY WILL BE ABLE TO LOG INTO THAT MACHINE

close the MMC (you dont need to save it) the save option saves the MMC settings for later use, not the changes you just made.





0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ADMT Intra Forest migration questions 7 302
DHCP server 6 68
need help with active directory 4 79
Promote Server 2012 R2 on Server 2003 domain 13 77
Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question