Solved

Logon locally to client computers

Posted on 2007-04-02
5
264 Views
Last Modified: 2010-04-18
How do I allow specific users and groups to logon locally to client machines?  Additionally, I do not want these users to be able to login locally to the server.  I am running Windows 2003 SP2 right now.  Your help is appreciated!
0
Comment
Question by:christopher_perry
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 500 total points
ID: 18837477
Place your workstations in a separate OU from your servers.

Create a Group Policy Object and link it to the WorkstationsOU.

Within the Group Policy, configure "Allow Logon Locally" under Computer Configuration-->Windows Settings-->Security Settings-->User Rights Assignment and list the specific users/groups in question.  Use groups wherever possible, or else you'll be modifying this GPO every time a user is added or removed from AD.

Hope this helps.

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
0
 
LVL 16

Expert Comment

by:The_Kirschi
ID: 18839390
Alternatively go into AD properties of the users. Select the accounts tab and click on the "Log on to" button. Specify the workstation(s) where the user should be able to log on to.
0
 
LVL 38

Expert Comment

by:younghv
ID: 18839950
@The_Kirschi,
I am fairly certain that the process you are describing limits which local hosts the account holder may use to log onto the domain.

@christopher_perry,
The most direct way is to create local accounts on each local host for those users. Of course, that is fairly labor intensive (i.e., 'Pain in the Tookus').
Vic
0
 
LVL 16

Expert Comment

by:The_Kirschi
ID: 18841568
@younghw:

Yes, that's correct. Maybe I should have mentioned that.
0
 

Author Comment

by:christopher_perry
ID: 18843717
Laura- that worked wonderfully.  Thanks!
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question