
deny logon from certain groups to certain computers


  • deny logon from certain groups to certain computers

    You can define "logon workstations" for each user,
    but can I define to certain computers only 1 global
    group (+ domain admins, of course) that will be allowed to log on to,
    and by that restrict all the other domain users from logging on?

    * because of a certain feature we've got on the domain, the local
    administrators group contains the domain users

    Thanks in advance

  • #2
    Create a new GPO and configure the settings as shown in the attached picture.

    May I ask what feature that is? Do you want to tell me that all the users are in the local Administrators group on DCs and member servers?
    Are you aware that this means that any of them can pretty easily become a Domain Admin?
    Guy Teverovsky
    "Smith & Wesson - the original point and click interface"


    • #3
      Can I apply this policy to all the department computers at once, or should I do it computer by computer?

      And as for your question: each time user X performs a logon, he's being added to the local administrator group on the specified computer.