Solved

Logon locally to client computers

Posted on 2007-04-02
5
253 Views
Last Modified: 2010-04-18
How do I allow specific users and groups to logon locally to client machines?  Additionally, I do not want these users to be able to login locally to the server.  I am running Windows 2003 SP2 right now.  Your help is appreciated!
0
Comment
Question by:christopher_perry
5 Comments
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 500 total points
ID: 18837477
Place your workstations in a separate OU from your servers.

Create a Group Policy Object and link it to the WorkstationsOU.

Within the Group Policy, configure "Allow Logon Locally" under Computer Configuration-->Windows Settings-->Security Settings-->User Rights Assignment and list the specific users/groups in question.  Use groups wherever possible, or else you'll be modifying this GPO every time a user is added or removed from AD.

Hope this helps.

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
0
 
LVL 16

Expert Comment

by:The_Kirschi
ID: 18839390
Alternatively go into AD properties of the users. Select the accounts tab and click on the "Log on to" button. Specify the workstation(s) where the user should be able to log on to.
0
 
LVL 38

Expert Comment

by:younghv
ID: 18839950
@The_Kirschi,
I am fairly certain that the process you are describing limits which local hosts the account holder may use to log onto the domain.

@christopher_perry,
The most direct way is to create local accounts on each local host for those users. Of course, that is fairly labor intensive (i.e., 'Pain in the Tookus').
Vic
0
 
LVL 16

Expert Comment

by:The_Kirschi
ID: 18841568
@younghw:

Yes, that's correct. Maybe I should have mentioned that.
0
 

Author Comment

by:christopher_perry
ID: 18843717
Laura- that worked wonderfully.  Thanks!
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question