Solved

Lockout

Posted on 2006-11-14
5
203 Views
Last Modified: 2010-04-11
I just found out from our security admin that one cannot apply a local policy on an XP box to a group in Active Directory.  This creates a particular challenge for us.  This is what I am trying to do.

Task:  Disallow most domain users from logging in to the domain on 6 individual computers.
    Exceptions to this:
           Domain Admins
           10 specific users whos names will change over time
0
Comment
Question by:tedpenner
5 Comments
 
LVL 38

Accepted Solution

by:
Shift-3 earned 250 total points
ID: 17942159
1. Create a new security group and add the 10 desired users.

2. Add the 6 restricted computers to an OU.  To preserve other policies it might be simplest to create a new OU under the one they're currently in.

3. Create a new Group Policy Object and configure the setting "Log on locally" under Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment.  Add Domain Admins and the group from Step 1.

4. Link this GPO to the OU containing the restricted workstations.

5. (optional) Run gpupdate /force on the restricted workstations if you want the settings to be applied immediately.

When you want to change the list of allowed users just modify the membership of the security group.
0
 
LVL 3

Assisted Solution

by:mahe2000
mahe2000 earned 250 total points
ID: 17983157
You don't need to create a new OU, you just need to setup the correct permissions for the GPO, just set the apply policy permission to the machine account or to a group of computer accounts.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Encryption for Business Encryption (https://en.wikipedia.org/wiki/Encryption) ensures the safety of our data when sending emails. In most cases, to read an encrypted email you must enter a secret key that will enable you to decrypt the email. T…
A customer recently asked me about anti-malware and the different deployment options available for his business. Daily news about cyberattacks, zero-day vulnerabilities, and companies that suffered a security breach made him wonder if the endpoint a…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now