Deny login access to computers in an OU via Group Policy

Posted on 2014-03-31
Medium Priority
Last Modified: 2014-04-03
Since XP is coming to it's end of life I will like to stop users accessing any XP workstation using Group Policy. All my XP workstation reside in a separate Organisational Unit (OU).

Basically, I will like to stop users accessing these XP workstations in this OU or once a computer object  is moved into this OU. Please what is the best approach in achieving this via GPO?

Look forward to hearing from you soon.


Question by:adigu1t

Accepted Solution

Hassan Besher earned 1500 total points
ID: 39968453
Create an Group Policy for that OU. THIS group policy will have an entry under computer configuration, windows settings, security settings, local policies, user rights assignment for "Allow logon locally". (The local GPO for XP machines has a Deny Logon Locally setting, but not an Allow Logon Locally setting. Go figure.)
4. Configure this right, adding "Administrators" and the users you want to log on to this PC. ( P.S. Do NOT configure "Deny logon locally" for everyone!! Deny overrides allow!)
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39968884

apply "WMI" filter for xp os ............

select * from Win32_OperatingSystem where Version like "5.1%"

for more detail visit this site  
LVL 59

Expert Comment

ID: 39973021
Simply remove the physical machines :)
Or remove them from active directory, works, too.

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Understanding the various editions available is vital when you decide to purchase Windows Server 2012. You need to have a basic understanding of the features and limitations in each edition in order to make a well-informed decision that best suits …
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question