• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1823
  • Last Modified:

Deny login access to computers in an OU via Group Policy

Since XP is coming to it's end of life I will like to stop users accessing any XP workstation using Group Policy. All my XP workstation reside in a separate Organisational Unit (OU).

Basically, I will like to stop users accessing these XP workstations in this OU or once a computer object  is moved into this OU. Please what is the best approach in achieving this via GPO?

Look forward to hearing from you soon.

Regards,

TA
0
adigu1t
Asked:
adigu1t
1 Solution
 
Hassan BesherCommented:
Create an Group Policy for that OU. THIS group policy will have an entry under computer configuration, windows settings, security settings, local policies, user rights assignment for "Allow logon locally". (The local GPO for XP machines has a Deny Logon Locally setting, but not an Allow Logon Locally setting. Go figure.)
4. Configure this right, adding "Administrators" and the users you want to log on to this PC. ( P.S. Do NOT configure "Deny logon locally" for everyone!! Deny overrides allow!)
0
 
Santosh GuptaCommented:
hi,

apply "WMI" filter for xp os ............

select * from Win32_OperatingSystem where Version like "5.1%"



for more detail visit this site  
"http://technet.microsoft.com/en-us/library/cc947846%28WS.10%29.aspx"
0
 
McKnifeCommented:
Simply remove the physical machines :)
Or remove them from active directory, works, too.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: C++ 11 Fundamentals

This course will introduce you to C++ 11 and teach you about syntax fundamentals.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now