Solved

deny a user the rights to log on to certain PCs

Posted on 2010-11-15
5
336 Views
Last Modified: 2012-05-10
In a Windows domain, we have a certain domain user that should be denied the right to log on to a specific PC (a domain member, of course). He should be allowed to work on all other domain members, however.

How do I configure that?
0
Comment
Question by:zolcer
  • 3
5 Comments
 
LVL 27

Accepted Solution

by:
KenMcF earned 500 total points
ID: 34136385
You can create a new GPO and through security filtering add the computer. Then deny this user deny login local access.

http://thelazyadmin.com/blogs/thelazyadmin/archive/2006/08/01/Group-Policy-Security-Filtering.aspx

http://technet.microsoft.com/en-us/library/cc728210%28WS.10%29.aspx
0
 
LVL 14

Expert Comment

by:BigBadWolf_000
ID: 34136543
Since it a one user on a specific PC.

On the PC...
Create a group called Blocked Logons
Add the user to the group

By default in local gpo computer cfg>Windows Settings>Security Set>Local Plcy>UserRightsAssesment>logOnLocally
only gives logon rights to the following groups....
Admin, Backup Opr, Guest, Powerusr, Users (make sure the user is not part of these groups)
0
 
LVL 14

Expert Comment

by:BigBadWolf_000
ID: 34136570
make sure u give the custom group same permissions as the user group
0
 
LVL 14

Expert Comment

by:BigBadWolf_000
ID: 34136590
ooops ignore last post
0
 
LVL 3

Author Closing Comment

by:zolcer
ID: 34163027
Thanks a lot, worked beautifully.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
document a domain users/computers 1 34
Need all users in AD Forest with some exception 30 39
GPupdate /sync 1 40
Duplicate SPN records 4 19
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question