Solved

deny a user the rights to log on to certain PCs

Posted on 2010-11-15
5
334 Views
Last Modified: 2012-05-10
In a Windows domain, we have a certain domain user that should be denied the right to log on to a specific PC (a domain member, of course). He should be allowed to work on all other domain members, however.

How do I configure that?
0
Comment
Question by:zolcer
  • 3
5 Comments
 
LVL 27

Accepted Solution

by:
KenMcF earned 500 total points
ID: 34136385
You can create a new GPO and through security filtering add the computer. Then deny this user deny login local access.

http://thelazyadmin.com/blogs/thelazyadmin/archive/2006/08/01/Group-Policy-Security-Filtering.aspx

http://technet.microsoft.com/en-us/library/cc728210%28WS.10%29.aspx
0
 
LVL 14

Expert Comment

by:BigBadWolf_000
ID: 34136543
Since it a one user on a specific PC.

On the PC...
Create a group called Blocked Logons
Add the user to the group

By default in local gpo computer cfg>Windows Settings>Security Set>Local Plcy>UserRightsAssesment>logOnLocally
only gives logon rights to the following groups....
Admin, Backup Opr, Guest, Powerusr, Users (make sure the user is not part of these groups)
0
 
LVL 14

Expert Comment

by:BigBadWolf_000
ID: 34136570
make sure u give the custom group same permissions as the user group
0
 
LVL 14

Expert Comment

by:BigBadWolf_000
ID: 34136590
ooops ignore last post
0
 
LVL 3

Author Closing Comment

by:zolcer
ID: 34163027
Thanks a lot, worked beautifully.
0

Join & Write a Comment

Companies that have implemented Microsoft’s Active Directory need to ensure that the Active Directory is configured and operating properly. If there are issues found and not resolved, it eventually leads the components to fail or stop working and fi…
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now