Solved

Prevent an AD account from logging into Client PCs

Posted on 2006-11-10
Last Modified: 2010-04-18
I need to find some way to prevent Active Directory users from being able to log into client PCs while still retaining domain user status (so they can log into our SharePoint portal, which is exposed to the outside via AD accounts).

Example:

I have a user account spuser that is only a part of domain users. I've denied it terminal services access and it's not a part of any other security groups, but it can still log into a PC on our network. That's the last security hole I need to close.
0
Question by:craskin
4 Comments
 
LVL 58

Accepted Solution

by:
amit_g earned 150 total points
ID: 17919004
In Active Directory you could restrict users to be able to log on to just a few computers. Open Active Directory and go to the properties of the user. Go to the Account tab and click on the logon button. Change the default setting of All computers to the following computer and only list the computers that you want to allow. Leave the list empty if you don't want to allow any.
0
 
LVL 7

Assisted Solution

by:jalilthe1
jalilthe1 earned 50 total points
ID: 17919996
0
 
LVL 31

Assisted Solution

by:Toni Uranjek
Toni Uranjek earned 50 total points
ID: 17920879
There are settings in GPO which could help you. You can use "Deny logon locally" from Computer configuration\Windows settings\Security settings\Local policies\User rights assignment.

0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17927146
Careful who you place in that policy; you can do some serious damage unless you are very clear on who you lock down.
0
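One way to verify the "Deny logon locally" setting from Toni Uranjek's answer while respecting Jay_Jay70's caution about who ends up in that policy, as an added example that is not part of the original thread. It assumes an elevated PowerShell session on a domain-joined client PC after the GPO has applied, and that spuser was placed in a dedicated group; the group name `SP-NoInteractiveLogon` is hypothetical.

```powershell
# Added example. Assumptions: run elevated on a domain-joined client PC after
# gpupdate; 'SP-NoInteractiveLogon' is a hypothetical group containing spuser.
$GroupName = 'SP-NoInteractiveLogon'   # hypothetical name
# Well-known SIDs that should never hold this deny right: Everyone,
# Authenticated Users, BUILTIN\Administrators, BUILTIN\Users.
$TooBroad = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-544', 'S-1-5-32-545'

function Get-DenyLocalLogonSids {
    # Export the effective user rights and return the entries of
    # SeDenyInteractiveLogonRight ("Deny log on locally") as SID strings.
    $cfg = Join-Path $env:TEMP 'user_rights.inf'
    secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
    $line = Get-Content $cfg | Where-Object { $_ -match '^SeDenyInteractiveLogonRight\s*=' }
    Remove-Item $cfg -ErrorAction SilentlyContinue
    if (-not $line) { return @() }
    foreach ($entry in ($line -split '=', 2)[1].Split(',')) {
        $entry = $entry.Trim()
        if ($entry.StartsWith('*')) {
            $entry.TrimStart('*')             # already a SID
        } else {
            # secedit writes some principals by name; translate to a SID
            ([System.Security.Principal.NTAccount]$entry).Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        }
    }
}

$denied   = @(Get-DenyLocalLogonSids)
$groupSid = ([System.Security.Principal.NTAccount]$GroupName).Translate(
    [System.Security.Principal.SecurityIdentifier]).Value

# Domain Admins (RID 512) and Domain Users (RID 513) are also too broad.
$bad = $denied | Where-Object { $_ -in $TooBroad -or $_ -match '-51[23]$' }

if ($denied -notcontains $groupSid) {
    Write-Warning "$GroupName is not denied local logon on $env:COMPUTERNAME"
}
if ($bad) {
    Write-Warning "Overly broad principals in 'Deny log on locally': $($bad -join ', ')"
}
if (($denied -contains $groupSid) -and -not $bad) {
    "OK: $GroupName is denied local logon and no broad group is listed"
}
```

Because a deny right overrides an allow, a warning about a broad principal means administrators may be locked out of the console on that machine as well.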
