[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


restrict users to login to the domain

Posted on 2011-04-27
Medium Priority
Last Modified: 2012-05-11
we have windows server 2003.  i want to restrict users to login to the server.

i want to create a user like, he should add client to domain, change the date and time, change network properties. but he should not get any administrator rights. and he should be able to login in to the server.

please give me some guidence to create group policies to give this type of policies.
Question by:ramachandraraju
  • 2
LVL 10

Expert Comment

by:Muzafar Momin
ID: 35476333

Author Comment

ID: 35481347
hi muzafar 13,

thanks for ur response. i did the delegation but my query is,
the should able to add the client to the server. but he should not able to log in  into the server. how to restrict a user from log in into the server.

Accepted Solution

AdamJur earned 200 total points
ID: 35513120
within the group policy that is applied to the server [assuming domain controller with Default Domain Controller Policy enabled] modify the following

COMPUTER  CONFIGURATION - Policies - Windows Settings - Local Policies/user Rights Assignment.
Configure the deny logon locally or logon through terminal server to prohibit a user from logging into the server.

Author Comment

ID: 35795534
i need more information. because i didnt get exact information. i want to block all the users except some ADMIN persons. please provide some help to restrict all the users login into Domain controller.

Featured Post

Prep for the ITIL® Foundation Certification Exam

December’s Course of the Month is now available! Enroll to learn ITIL® Foundation best practices for delivering IT services effectively and efficiently.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question