Solved

Lockout

Posted on 2006-11-14
5
208 Views
Last Modified: 2010-04-11
I just found out from our security admin that one cannot apply a local policy on an XP box to a group in Active Directory.  This creates a particular challenge for us.  This is what I am trying to do.

Task:  Disallow most domain users from logging in to the domain on 6 individual computers.
    Exceptions to this:
           Domain Admins
           10 specific users whos names will change over time
0
Comment
Question by:tedpenner
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 38

Accepted Solution

by:
Shift-3 earned 250 total points
ID: 17942159
1. Create a new security group and add the 10 desired users.

2. Add the 6 restricted computers to an OU.  To preserve other policies it might be simplest to create a new OU under the one they're currently in.

3. Create a new Group Policy Object and configure the setting "Log on locally" under Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment.  Add Domain Admins and the group from Step 1.

4. Link this GPO to the OU containing the restricted workstations.

5. (optional) Run gpupdate /force on the restricted workstations if you want the settings to be applied immediately.

When you want to change the list of allowed users just modify the membership of the security group.
0
 
LVL 3

Assisted Solution

by:mahe2000
mahe2000 earned 250 total points
ID: 17983157
You don't need to create a new OU, you just need to setup the correct permissions for the GPO, just set the apply policy permission to the machine account or to a group of computer accounts.
0

Featured Post

[Webinar] Learn How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recovering from what the press called "the largest-ever cyber-attack", IT departments worldwide are discussing ways to defend against this in the future. In this process, many people are looking for immediate actions while, instead, they need to tho…
A look at what happened in the Verizon cloud breach.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
Suggested Courses
Course of the Month3 days, 17 hours left to enroll

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question