Solved

Logon locally to client computers

Posted on 2007-04-02
Last Modified: 2010-04-18
How do I allow specific users and groups to log on locally to client machines? Additionally, I do not want these users to be able to log in locally to the server. I am running Windows 2003 SP2 right now. Your help is appreciated!
Question by:christopher_perry
5 Comments
 

Accepted Solution

by:
LauraEHunterMVP earned 500 total points
ID: 18837477
Place your workstations in a separate OU from your servers.

Create a Group Policy Object and link it to the WorkstationsOU.

Within the Group Policy, configure "Allow Logon Locally" under Computer Configuration-->Windows Settings-->Security Settings-->User Rights Assignment and list the specific users/groups in question.  Use groups wherever possible, or else you'll be modifying this GPO every time a user is added or removed from AD.

Hope this helps.

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
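
A check to run on a workstation and on the server once the GPO from the accepted answer has applied, as an added example that is not part of the original thread: it reads a `secedit` user-rights export and lists who holds `SeInteractiveLogonRight`, the constant behind the "Allow log on locally" setting. The group name `CONTOSO\WorkstationUsers` and the sample export are constructed for illustration.

```powershell
# Added example, not from the thread. CONTOSO\WorkstationUsers is a made-up group name.
# On a real machine, produce the input with:
#   secedit /export /cfg "$env:TEMP\rights.inf" /areas USER_RIGHTS
#   $lines = Get-Content "$env:TEMP\rights.inf"

function Get-InteractiveLogonPrincipals {
    param([string[]]$InfLines)
    $inSection = $false
    foreach ($line in $InfLines) {
        $t = $line.Trim()
        if ($t -match '^\[(.+)\]$') { $inSection = ($Matches[1] -eq 'Privilege Rights'); continue }
        if ($inSection -and $t -match '^SeInteractiveLogonRight\s*=\s*(.*)$') {
            # Entries are comma-separated; SIDs are written with a leading '*'.
            return @($Matches[1].Split(',') | ForEach-Object { $_.Trim() } | Where-Object { $_ })
        }
    }
    return @()   # the right is not defined in this export
}

function Resolve-Principal {
    param([string]$Entry)
    if ($Entry -notmatch '^\*(S-1-.+)$') { return $Entry }   # already an account name
    $sidText = $Matches[1]
    try {
        $sid = New-Object System.Security.Principal.SecurityIdentifier($sidText)
        return $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch { return $sidText }   # SID could not be resolved; report it raw
}

# Constructed sample of a secedit export (trimmed to the relevant sections).
$lines = @'
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544
SeInteractiveLogonRight = *S-1-5-32-544,CONTOSO\WorkstationUsers
[Version]
signature="$CHICAGO$"
'@ -split "`r?`n"

$holders = Get-InteractiveLogonPrincipals -InfLines $lines | ForEach-Object { Resolve-Principal $_ }
$expected = 'CONTOSO\WorkstationUsers'   # hypothetical group listed in the GPO
"Allow log on locally: " + ($holders -join ', ')
"Expected group present: " + ($holders -contains $expected)
"Administrators present: " + ($holders -contains 'BUILTIN\Administrators')
```

A GPO that defines this right replaces the machine's local list rather than adding to it, which is why the last line checks that Administrators still hold it. On the server, the expected-group line should report False.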

Expert Comment

by:The_Kirschi
ID: 18839390
Alternatively, go into the AD properties of the users. Select the accounts tab and click on the "Log on to" button. Specify the workstation(s) where the user should be able to log on to.

Expert Comment

by:younghv
ID: 18839950
@The_Kirschi,
I am fairly certain that the process you are describing limits which local hosts the account holder may use to log onto the domain.

@christopher_perry,
The most direct way is to create local accounts on each local host for those users. Of course, that is fairly labor intensive (i.e., 'Pain in the Tookus').
Vic

Expert Comment

by:The_Kirschi
ID: 18841568
@younghv:

Yes, that's correct. Maybe I should have mentioned that.

Author Comment

by:christopher_perry
ID: 18843717
Laura - that worked wonderfully. Thanks!