deny a user the rights to log on to certain PCs

In a Windows domain, we have a certain domain user that should be denied the right to log on to a specific PC (a domain member, of course). He should be allowed to work on all other domain members, however.

How do I configure that?

Active DirectoryWindows Server 2003

Last Comment

zolcer

8/22/2022 - Mon

ASKER CERTIFIED SOLUTION

KenMcF

11/15/2010

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.

View this solution by signing up for a free trial.

Members can start a 7-Day free trial and enjoy unlimited access to the platform.

See Pricing Options

Start Free Trial

GET A PERSONALIZED SOLUTION

Ask your own question & get feedback from real experts

Find out why thousands trust the EE community with their toughest problems.

BigBadWolf_000

11/15/2010

Since it a one user on a specific PC.

On the PC...
Create a group called Blocked Logons
Add the user to the group

By default in local gpo computer cfg>Windows Settings>Security Set>Local Plcy>UserRightsAssesment>logOnLocally
only gives logon rights to the following groups....
Admin, Backup Opr, Guest, Powerusr, Users (make sure the user is not part of these groups)

BigBadWolf_000

11/15/2010

make sure u give the custom group same permissions as the user group

BigBadWolf_000

11/15/2010

ooops ignore last post

Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!

James Murphy

zolcer

11/18/2010

ASKER

Thanks a lot, worked beautifully.