• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 347
  • Last Modified:

deny a user the rights to log on to certain PCs

In a Windows domain, we have a certain domain user that should be denied the right to log on to a specific PC (a domain member, of course). He should be allowed to work on all other domain members, however.

How do I configure that?
0
zolcer
Asked:
zolcer
  • 3
1 Solution
 
KenMcFCommented:
You can create a new GPO and through security filtering add the computer. Then deny this user deny login local access.

http://thelazyadmin.com/blogs/thelazyadmin/archive/2006/08/01/Group-Policy-Security-Filtering.aspx

http://technet.microsoft.com/en-us/library/cc728210%28WS.10%29.aspx
0
 
BigBadWolf_000Commented:
Since it a one user on a specific PC.

On the PC...
Create a group called Blocked Logons
Add the user to the group

By default in local gpo computer cfg>Windows Settings>Security Set>Local Plcy>UserRightsAssesment>logOnLocally
only gives logon rights to the following groups....
Admin, Backup Opr, Guest, Powerusr, Users (make sure the user is not part of these groups)
0
 
BigBadWolf_000Commented:
make sure u give the custom group same permissions as the user group
0
 
BigBadWolf_000Commented:
ooops ignore last post
0
 
zolcerAuthor Commented:
Thanks a lot, worked beautifully.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now