Expiring Today—Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Prevent an AD account from logging into Client PCs

Posted on 2006-11-10
4
Medium Priority
?
491 Views
Last Modified: 2010-04-18
I need to find some way to prevent active directory users from being able to log into client PCs while still retaining domain user status (so they can log into our sharepoint portal which is exposed to the outside via AD accounts).

Example:

I have a user account spuser that is only a part of domain users. I've denied it terminal services access and it's not a part of any other security groups, but it can still log into a PC on our network. That's the last security hole i need to close.
0
Comment
Question by:craskin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 58

Accepted Solution

by:
amit_g earned 600 total points
ID: 17919004
In Active Directory you could restrict users to be able to log on to just a few computers. Open Active Dreictory and go to properites of the user. Go to Account tab and cick on the logon button. Change default setting of All computers to the following computer and only list the computers that you want to allow. Leave the list empty if you don't want to allow any.
0
 
LVL 7

Assisted Solution

by:jalilthe1
jalilthe1 earned 200 total points
ID: 17919996
0
 
LVL 31

Assisted Solution

by:Toni Uranjek
Toni Uranjek earned 200 total points
ID: 17920879
There is settings in GPO which could help you. You can use "Deny logon locally" from Computer configuration\Windows settings\Security settings\Local policies\User rights assignment.

0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17927146
careful who you place in that policy, you can do some serious damage unless you are very clear on who you lockdown
0

Featured Post

Enroll in September's Course of the Month

This month’s featured course covers 16 hours of training in installation, management, and deployment of VMware vSphere virtualization environments. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question