I want to be able to restrict who logs onto a PC. I know I can restrict a user's account so they can only log onto certain PCs. But, that's not what I want to do. I have a few PCs that only certain users should be able to log onto. I know I can to do it by deleting the 'NT Authority\Authenticated Users' and 'NT Authority\Interactive' members of the 'Users' group on the local PC, then, adding the AD users I want to be able to logon. But, I'd much rather do it with a group policy. Am I just missing the setting(s), or is it not possible with AD?