Link to home
Start Free TrialLog in
Avatar of zolcer
zolcerFlag for Switzerland

asked on

deny a user the rights to log on to certain PCs

In a Windows domain, we have a certain domain user that should be denied the right to log on to a specific PC (a domain member, of course). He should be allowed to work on all other domain members, however.

How do I configure that?
ASKER CERTIFIED SOLUTION
Avatar of KenMcF
KenMcF
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of BigBadWolf_000
Since it a one user on a specific PC.

On the PC...
Create a group called Blocked Logons
Add the user to the group

By default in local gpo computer cfg>Windows Settings>Security Set>Local Plcy>UserRightsAssesment>logOnLocally
only gives logon rights to the following groups....
Admin, Backup Opr, Guest, Powerusr, Users (make sure the user is not part of these groups)
make sure u give the custom group same permissions as the user group
ooops ignore last post
Avatar of zolcer

ASKER

Thanks a lot, worked beautifully.