Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Lockout

Posted on 2006-11-14
5
Medium Priority
?
211 Views
Last Modified: 2010-04-11
I just found out from our security admin that one cannot apply a local policy on an XP box to a group in Active Directory.  This creates a particular challenge for us.  This is what I am trying to do.

Task:  Disallow most domain users from logging in to the domain on 6 individual computers.
    Exceptions to this:
           Domain Admins
           10 specific users whos names will change over time
0
Comment
Question by:tedpenner
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 38

Accepted Solution

by:
Shift-3 earned 1000 total points
ID: 17942159
1. Create a new security group and add the 10 desired users.

2. Add the 6 restricted computers to an OU.  To preserve other policies it might be simplest to create a new OU under the one they're currently in.

3. Create a new Group Policy Object and configure the setting "Log on locally" under Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment.  Add Domain Admins and the group from Step 1.

4. Link this GPO to the OU containing the restricted workstations.

5. (optional) Run gpupdate /force on the restricted workstations if you want the settings to be applied immediately.

When you want to change the list of allowed users just modify the membership of the security group.
0
 
LVL 3

Assisted Solution

by:mahe2000
mahe2000 earned 1000 total points
ID: 17983157
You don't need to create a new OU, you just need to setup the correct permissions for the GPO, just set the apply policy permission to the machine account or to a group of computer accounts.
0

Featured Post

Protect Your Retail Business and Reputatio

Wi-Fi access doesn't just impact your business & customer experience, it can also affect your security.  Join us for a webinar on Sept. 28th to learn more about the top threats and trends impacting retail today, and the key solutions to protecting retail networks and reputations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
Check out what's been happening in the Experts Exchange community.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

660 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question