We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you two Citrix podcasts. Learn about 2020 trends and get answers to your biggest Citrix questions!Listen Now

x

Active Directory Login

Barnardos_2LS
on
Medium Priority
206 Views
Last Modified: 2012-03-15
Hi,

Is their any way, by GPO, to deny AD computer login based on AD group membership? E.g. If a user is a member of group 'Test 1', he/she will not be able to login to a PC with the relevant GPO applied...

Michael
Comment
Watch Question

sure, just deny the logon locally right to members of that group.  Done.

this can be done on the local computer policy of that PC, not neccessarily a GPO.

i'm sure it can be done with a GPO, but the easiest way is the method i mentioned above.

Author

Commented:
How do i deny through the local computer policy?
start>run>MMC to open up the MMC (microsoft management console)
file>add/remove snapin> choose add, then choose Group Policy
then choose the computer you want to manage (if you aren't physically on it alread)
then browse down to computer configuration>windows settings>security settings>local policies>user rights assignment> and then choose deny logon locally....
then put the group in the deny logon locally section and you are done.

MAKE SURE YOU DONT CHOOSE A GROUP THAT INCLUDES EVERYONE OR ELSE NOBODY WILL BE ABLE TO LOG INTO THAT MACHINE

close the MMC (you dont need to save it) the save option saves the MMC settings for later use, not the changes you just made.





Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.