remove the "domain users group" from "local users group" problem

  • remove the "domain users group" from "local users group" problem

    Hi,
    I am an administrator on my domain and I don't want any employees to log in to my PC, so I did the following:

    1- I added my domain user account to the local administrator group.
    2- I removed the domain admin group from the local administrator group.
    3- I removed the domain users group from the local users group.
    However, when I tried to log in with my domain account it accepted me but I could not see the desktop. I tried logging in many times and restarted the PC, but no luck. When I put the domain users group back into the local users group, it solved the problem.

    My question:
    1- Why does this issue happen when I remove the domain users from the local users group?
    2- How can I solve this problem in a professional way, keeping in mind that I need the solution to affect only me?

  • #2

    Here's one suggestion:

    Leave the domain users group as a member of the local users group. Leave your domain account as the only member of the local administrators group. Open up the local security policy, user rights assignment and set the "Allow log on locally" right to only your domain user account.

    • #3

      But if I do what you suggest, in 60m when the group policy refresh time occurs it will be back to the default setting.

      • #4

        When you click on "Allow log on locally", add your desired user to the list, and click Apply and OK, it should be saved. If it keeps changing, then you've got something wrong.

        • #5

          Local security policy will only be overridden if you have a GPO that changes the setting. The Default Domain GPO does not have this setting configured, so if it is being "reset" then you have a GPO that applies to this computer that is setting it. If so, set the GPO to not configured for this particular user right.

          • #6

            This means I have to move my computer to a different OU and override the GPO.

            • #7

              You can deny apply for your account for that GPO. That would take precedence over the allow.
              cheers
              Andy

              • #8

                Yes, you would move your computer to a new OU. What's wrong with that? It will still get all the other GPO settings (as long as you don't enable Block Inheritance) and set the option you want from the OU specific GPO.
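
The following is an added example, not part of the thread or written by any of its posters: one way to check who currently holds "Allow log on locally" (the setting suggested in #2) and which GPO, if any, is supplying it (the override described in #5). It assumes an elevated PowerShell prompt on the affected PC; the function name `Get-InteractiveLogonRight` and the temp file names are hypothetical.

```powershell
# Added example: list the accounts that currently hold a user right.
# SeInteractiveLogonRight is the internal name of "Allow log on locally".
function Get-InteractiveLogonRight {
    param([string]$Privilege = 'SeInteractiveLogonRight')

    # Temp file name is constructed for this example.
    $cfg = Join-Path $env:TEMP ("user-rights-{0}.inf" -f [guid]::NewGuid())
    try {
        # Export only the user rights assignment area of the security policy.
        secedit.exe /export /cfg $cfg /areas USER_RIGHTS | Out-Null

        $line = Get-Content -Path $cfg |
            Where-Object { $_ -match "^\s*$Privilege\s*=" }
        if (-not $line) { return @() }   # the right is assigned to nobody

        # Value format: *S-1-5-32-544,*S-1-5-32-545,SomeName
        ($line -split '=', 2)[1].Split(',') | ForEach-Object {
            $entry = $_.Trim()
            if ($entry.StartsWith('*')) {
                # Entries prefixed with * are SIDs; resolve them to names.
                $sid = New-Object System.Security.Principal.SecurityIdentifier($entry.TrimStart('*'))
                try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
                catch { $name = '<unresolved>' }
                [pscustomobject]@{ Sid = $sid.Value; Account = $name }
            } else {
                [pscustomobject]@{ Sid = $null; Account = $entry }
            }
        }
    } finally {
        Remove-Item -Path $cfg -ErrorAction SilentlyContinue
    }
}

Get-InteractiveLogonRight | Format-Table -AutoSize

# Resultant Set of Policy report for the computer: if a GPO sets this user
# right, the report names the winning GPO for it.
gpresult.exe /scope computer /h "$env:TEMP\rsop.html" /f
```

Running the function again after a `gpupdate /force` shows whether a Group Policy refresh rewrites the list.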
