Restrict users from logging on to a domain PC

ntossiou
Hello all,

We have a network of 3000 users in an Active Directory domain using Windows Server 2003 R2 Enterprise.
Is there any way to restrict access to certain computers to a certain group of users, i.e. so that only the specific users can log on to the specific machines (all connected to the domain)?
Thanks.
Head of ICT
Top Expert 2009
Commented:
Hi there,

There are a number of ways to do this. You can do it via group policy by applying the following policy setting to the computers in question:

Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignments > Log On Locally

You can ensure that only your group of users and Administrators can log on locally, as opposed to 'Users' which allows all Domain Users to log on.

Check the same policy using gpedit.msc on a target machine. Look at this list and ensure you replace the 'Users' group with your domain group when you apply the policy.

Alternatively, you can specify what machines a user can log on to in the user properties in ADUC, but you cannot manage this method via group policy very easily.

Tony
bluntTony
Head of ICT
Top Expert 2009

Commented:
...just remember that the list of users/groups you define for 'Log On Locally' in the GPO will REPLACE all the entries currently residing in the same policy on each machine's local policy. So just make sure that you check what the current list is so you do not lock down the workstation too much.

Also bear in mind that local User Rights Assignments policies tattoo, i.e. if you remove the GPO or change the policy setting back to 'Not Defined' the settings you applied via the GPO will remain as part of the local policy on the affected machines.

Tony
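
Following the advice above to check the current 'Log On Locally' list before a GPO replaces it, this added example (not part of the original thread) exports the local User Rights Assignment with `secedit` and resolves the entries of `SeInteractiveLogonRight`, the privilege constant behind that right. It assumes PowerShell 3.0 or later and an elevated prompt on the target machine; the function name `Get-InteractiveLogonRight` and the temp file name are hypothetical.

```powershell
# Added example: list who currently holds the log-on-locally right on this machine,
# so the list can be recorded before a GPO overwrites it.
function Get-InteractiveLogonRight {
    param(
        # Optional path to an existing secedit export; if omitted, a fresh export is taken.
        [string]$InfPath
    )

    if (-not $InfPath) {
        $InfPath = Join-Path $env:TEMP 'user_rights.inf'   # hypothetical file name
        # secedit writes the local User Rights Assignment to an INF file.
        secedit /export /areas USER_RIGHTS /cfg $InfPath | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "secedit export failed ($LASTEXITCODE)" }
    }

    $line = Get-Content $InfPath |
        Where-Object { $_ -match '^\s*SeInteractiveLogonRight\s*=' } |
        Select-Object -First 1
    if (-not $line) { return }   # the right is not assigned to anyone

    foreach ($raw in ($line -split '=', 2)[1].Split(',')) {
        $entry = $raw.Trim()
        if ($entry.StartsWith('*')) {
            # Entries prefixed with * are SIDs; resolve them to account names.
            $sid = $entry.TrimStart('*')
            try {
                $sidObj = New-Object System.Security.Principal.SecurityIdentifier($sid)
                $name = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
            } catch {
                $name = '<unresolved>'   # deleted account or unreachable domain
            }
            [pscustomobject]@{ Sid = $sid; Account = $name }
        } elseif ($entry) {
            # Entries without * are stored as plain account names.
            [pscustomobject]@{ Sid = $null; Account = $entry }
        }
    }
}

Get-InteractiveLogonRight | Format-Table -AutoSize
```

Saving this output for each target machine before linking the GPO gives a record to restore from, since the setting stays in local policy after the GPO is removed.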
