Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Logon locally to client computers

Posted on 2007-04-02
5
Medium Priority
?
267 Views
Last Modified: 2010-04-18
How do I allow specific users and groups to logon locally to client machines?  Additionally, I do not want these users to be able to login locally to the server.  I am running Windows 2003 SP2 right now.  Your help is appreciated!
0
Comment
Question by:christopher_perry
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 2000 total points
ID: 18837477
Place your workstations in a separate OU from your servers.

Create a Group Policy Object and link it to the WorkstationsOU.

Within the Group Policy, configure "Allow Logon Locally" under Computer Configuration-->Windows Settings-->Security Settings-->User Rights Assignment and list the specific users/groups in question.  Use groups wherever possible, or else you'll be modifying this GPO every time a user is added or removed from AD.

Hope this helps.

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
0
 
LVL 16

Expert Comment

by:The_Kirschi
ID: 18839390
Alternatively go into AD properties of the users. Select the accounts tab and click on the "Log on to" button. Specify the workstation(s) where the user should be able to log on to.
0
 
LVL 38

Expert Comment

by:younghv
ID: 18839950
@The_Kirschi,
I am fairly certain that the process you are describing limits which local hosts the account holder may use to log onto the domain.

@christopher_perry,
The most direct way is to create local accounts on each local host for those users. Of course, that is fairly labor intensive (i.e., 'Pain in the Tookus').
Vic
0
 
LVL 16

Expert Comment

by:The_Kirschi
ID: 18841568
@younghw:

Yes, that's correct. Maybe I should have mentioned that.
0
 

Author Comment

by:christopher_perry
ID: 18843717
Laura- that worked wonderfully.  Thanks!
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question