• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 342
  • Last Modified:

deny a user the rights to log on to certain PCs

In a Windows domain, we have a certain domain user that should be denied the right to log on to a specific PC (a domain member, of course). He should be allowed to work on all other domain members, however.

How do I configure that?
0
zolcer
Asked:
zolcer
  • 3
1 Solution
 
KenMcFCommented:
You can create a new GPO and through security filtering add the computer. Then deny this user deny login local access.

http://thelazyadmin.com/blogs/thelazyadmin/archive/2006/08/01/Group-Policy-Security-Filtering.aspx

http://technet.microsoft.com/en-us/library/cc728210%28WS.10%29.aspx
0
 
BigBadWolf_000Commented:
Since it a one user on a specific PC.

On the PC...
Create a group called Blocked Logons
Add the user to the group

By default in local gpo computer cfg>Windows Settings>Security Set>Local Plcy>UserRightsAssesment>logOnLocally
only gives logon rights to the following groups....
Admin, Backup Opr, Guest, Powerusr, Users (make sure the user is not part of these groups)
0
 
BigBadWolf_000Commented:
make sure u give the custom group same permissions as the user group
0
 
BigBadWolf_000Commented:
ooops ignore last post
0
 
zolcerAuthor Commented:
Thanks a lot, worked beautifully.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now