Solved

Lockout

Posted on 2006-11-14
5
206 Views
Last Modified: 2010-04-11
I just found out from our security admin that one cannot apply a local policy on an XP box to a group in Active Directory.  This creates a particular challenge for us.  This is what I am trying to do.

Task:  Disallow most domain users from logging in to the domain on 6 individual computers.
    Exceptions to this:
           Domain Admins
           10 specific users whos names will change over time
0
Comment
Question by:tedpenner
5 Comments
 
LVL 38

Accepted Solution

by:
Shift-3 earned 250 total points
ID: 17942159
1. Create a new security group and add the 10 desired users.

2. Add the 6 restricted computers to an OU.  To preserve other policies it might be simplest to create a new OU under the one they're currently in.

3. Create a new Group Policy Object and configure the setting "Log on locally" under Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment.  Add Domain Admins and the group from Step 1.

4. Link this GPO to the OU containing the restricted workstations.

5. (optional) Run gpupdate /force on the restricted workstations if you want the settings to be applied immediately.

When you want to change the list of allowed users just modify the membership of the security group.
0
 
LVL 3

Assisted Solution

by:mahe2000
mahe2000 earned 250 total points
ID: 17983157
You don't need to create a new OU, you just need to setup the correct permissions for the GPO, just set the apply policy permission to the machine account or to a group of computer accounts.
0

Featured Post

Register Today - IoT Current and Future Threats

Are you prepared to protect your organization from current and future IoT Threats?  Join our Wi-Fi expert in episode three of our webinar series for a look at the current state of Wi-Fi IoT and what may lie ahead. Register for our live webinar on April 20th at 9 am PDT!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware is a malware that is again in the list of security  concerns. Not only for companies, but also for Government security and  even at personal use. IT departments should be aware and have the right  knowledge to how to fight it.
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

680 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question