Solved

Active Directory Login

Posted on 2006-11-08
3
189 Views
Last Modified: 2012-03-15
Hi,

Is their any way, by GPO, to deny AD computer login based on AD group membership? E.g. If a user is a member of group 'Test 1', he/she will not be able to login to a PC with the relevant GPO applied...

Michael
0
Comment
Question by:Barnardos_2LS
  • 2
3 Comments
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 17899029
sure, just deny the logon locally right to members of that group.  Done.

this can be done on the local computer policy of that PC, not neccessarily a GPO.

i'm sure it can be done with a GPO, but the easiest way is the method i mentioned above.

0
 
LVL 1

Author Comment

by:Barnardos_2LS
ID: 17899127
How do i deny through the local computer policy?
0
 
LVL 25

Accepted Solution

by:
mikeleebrla earned 125 total points
ID: 17899217
start>run>MMC to open up the MMC (microsoft management console)
file>add/remove snapin> choose add, then choose Group Policy
then choose the computer you want to manage (if you aren't physically on it alread)
then browse down to computer configuration>windows settings>security settings>local policies>user rights assignment> and then choose deny logon locally....
then put the group in the deny logon locally section and you are done.

MAKE SURE YOU DONT CHOOSE A GROUP THAT INCLUDES EVERYONE OR ELSE NOBODY WILL BE ABLE TO LOG INTO THAT MACHINE

close the MMC (you dont need to save it) the save option saves the MMC settings for later use, not the changes you just made.





0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question