• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 254
  • Last Modified:

Can you set Log On To with a Group Policy?

I know you can go to a user's properties in AD, to the account tab, and select log on to which will restrict their ability to log in to certain machines.  Is there a way to set this using a group policy?  I'd like to set this for an entire OU instead of clicking on a bunch of accounts.  I am using Active Directory 2008.
0
jdouthit
Asked:
jdouthit
1 Solution
 
himvyCommented:
Open the GPO linked to the ou that contains the computers in question.
Open the COMPUTER configuration / Windows Settings / Security Settings / Local Policies / User Rights Assignement.
Here find the key "Log on Localy".
This is the one you want!
Edit it.
In it's window, check "Define this Policy" and then add click on "Add user or group" button. Add the users and groups that you want to be able to log on interactively (that means at the machine). Make sure you include the Administrators group. This will be the admins for the local machine. It does not work without it.

 
OR,check out the link below:

http://blog.unflap.com/2009/11/02/restrict-ad-users-from-certain-domain-machines-in-server-2003/
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now