Solved

Deny login access to computers in an OU via Group Policy

Posted on 2014-03-31
3
1,713 Views
Last Modified: 2014-04-03
Since XP is coming to it's end of life I will like to stop users accessing any XP workstation using Group Policy. All my XP workstation reside in a separate Organisational Unit (OU).

Basically, I will like to stop users accessing these XP workstations in this OU or once a computer object  is moved into this OU. Please what is the best approach in achieving this via GPO?

Look forward to hearing from you soon.

Regards,

TA
0
Comment
Question by:adigu1t
3 Comments
 
LVL 6

Accepted Solution

by:
Hassan Besher earned 500 total points
ID: 39968453
Create an Group Policy for that OU. THIS group policy will have an entry under computer configuration, windows settings, security settings, local policies, user rights assignment for "Allow logon locally". (The local GPO for XP machines has a Deny Logon Locally setting, but not an Allow Logon Locally setting. Go figure.)
4. Configure this right, adding "Administrators" and the users you want to log on to this PC. ( P.S. Do NOT configure "Deny logon locally" for everyone!! Deny overrides allow!)
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39968884
hi,

apply "WMI" filter for xp os ............

select * from Win32_OperatingSystem where Version like "5.1%"



for more detail visit this site  
"http://technet.microsoft.com/en-us/library/cc947846%28WS.10%29.aspx"
0
 
LVL 54

Expert Comment

by:McKnife
ID: 39973021
Simply remove the physical machines :)
Or remove them from active directory, works, too.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The password reset disk is often mentioned as the best solution to deal with the lost Windows password problem. In Windows 2008, 7, Vista and XP, a password reset disk can be easily created. But besides Windows 7/Vista/XP, Windows Server 2008 and ot…
You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question