Solved

Logon locally to client computers

Posted on 2007-04-02
5
233 Views
Last Modified: 2010-04-18
How do I allow specific users and groups to logon locally to client machines?  Additionally, I do not want these users to be able to login locally to the server.  I am running Windows 2003 SP2 right now.  Your help is appreciated!
0
Comment
Question by:christopher_perry
5 Comments
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 500 total points
ID: 18837477
Place your workstations in a separate OU from your servers.

Create a Group Policy Object and link it to the WorkstationsOU.

Within the Group Policy, configure "Allow Logon Locally" under Computer Configuration-->Windows Settings-->Security Settings-->User Rights Assignment and list the specific users/groups in question.  Use groups wherever possible, or else you'll be modifying this GPO every time a user is added or removed from AD.

Hope this helps.

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
0
 
LVL 16

Expert Comment

by:The_Kirschi
ID: 18839390
Alternatively go into AD properties of the users. Select the accounts tab and click on the "Log on to" button. Specify the workstation(s) where the user should be able to log on to.
0
 
LVL 38

Expert Comment

by:younghv
ID: 18839950
@The_Kirschi,
I am fairly certain that the process you are describing limits which local hosts the account holder may use to log onto the domain.

@christopher_perry,
The most direct way is to create local accounts on each local host for those users. Of course, that is fairly labor intensive (i.e., 'Pain in the Tookus').
Vic
0
 
LVL 16

Expert Comment

by:The_Kirschi
ID: 18841568
@younghw:

Yes, that's correct. Maybe I should have mentioned that.
0
 

Author Comment

by:christopher_perry
ID: 18843717
Laura- that worked wonderfully.  Thanks!
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now