I have an organizational unit where i keep all the our company laptops.
I want to block entire domain users to logon locally on this laptops using group policy but i want to allow domains admins and users which are using this laptops to logon locally.
I tried to use "Deny logon locally" from Computer configuration -> Windows settings -> Local Policies -> User Right Assignment and restricted groups to add domain admins as local administrator. When i logon locally using an domain admin account and add an normal user to Adminstrator local group and i tried to logon locally with this user i was unable to connect.
I need some help to deny logon locally for all users except users i wants to be able to logon locally.