Solved

deny a user the rights to log on to certain PCs

Posted on 2010-11-15
5
339 Views
Last Modified: 2012-05-10
In a Windows domain, we have a certain domain user that should be denied the right to log on to a specific PC (a domain member, of course). He should be allowed to work on all other domain members, however.

How do I configure that?
0
Comment
Question by:zolcer
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 27

Accepted Solution

by:
KenMcF earned 500 total points
ID: 34136385
You can create a new GPO and through security filtering add the computer. Then deny this user deny login local access.

http://thelazyadmin.com/blogs/thelazyadmin/archive/2006/08/01/Group-Policy-Security-Filtering.aspx

http://technet.microsoft.com/en-us/library/cc728210%28WS.10%29.aspx
0
 
LVL 14

Expert Comment

by:BigBadWolf_000
ID: 34136543
Since it a one user on a specific PC.

On the PC...
Create a group called Blocked Logons
Add the user to the group

By default in local gpo computer cfg>Windows Settings>Security Set>Local Plcy>UserRightsAssesment>logOnLocally
only gives logon rights to the following groups....
Admin, Backup Opr, Guest, Powerusr, Users (make sure the user is not part of these groups)
0
 
LVL 14

Expert Comment

by:BigBadWolf_000
ID: 34136570
make sure u give the custom group same permissions as the user group
0
 
LVL 14

Expert Comment

by:BigBadWolf_000
ID: 34136590
ooops ignore last post
0
 
LVL 3

Author Closing Comment

by:zolcer
ID: 34163027
Thanks a lot, worked beautifully.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question