Security Policy Differences between XP and Win 7

Posted on 2013-09-04
Medium Priority
Last Modified: 2013-09-05
I have a modified security Policy on some XP computers that limits logon to certain users and groups. The USER group us removed.  This does what I need to limit logon to certain XP computers on a domain.

I know that this can be done other ways via GPO and OUs, but I would appreciate it if any response sticks to the local machine.

When I go into SECPOL on a Windows 7 machine, where I used to see Log on Locally, I now see Deny logon locally.

I don't want to deny certain groups. I only want to allow certain groups.  Am I missing something?  How do I do the same on Windows 7 boxes as I had done on XP Boxes.

I can and have searched for this.  But I like asking the question here because I get more specific answers.

Question by:MrSlithy
  • 2

Accepted Solution

alicain earned 2000 total points
ID: 39465666
Hello MrSlithy,

Both "Deny logon locally" and "Allow log on locally" existed in XP and are still present in Windows 7.

In SECPOL.MSC I can see both of these on a test machine I'm looking at here...sounds odd if they are not visible to you.  I wonder if there is something wrong with the local policy on your machine that is doing this - has there been any customisation of it?


Author Closing Comment

ID: 39465767
Silly Rabbit!!!  its under "A" for allow.  I never had need for the Deny in XP. So the two opposites were "Deny  . . ."  and "Logon Locally"

I saw the DENY in Win 7, but I scrolled down to L and never found Logon Locally.

How was that for easy points?  Don't I feel silly.

Expert Comment

ID: 39466325
Glad that was it.  It's better to ask and move on than stare blankly at the screen!

Lets be honest, we've all been there at some point :-)

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
I’m willing to make a bet that your organization stores sensitive data in your Windows File Servers; files and folders that you really don’t want making it into the wrong hands.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum editing capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question