How to deny logon to certain users in a domain?

  • How to deny logon to certain users in a domain?

    Hello,
    In my domain I have 4 different OUs with different GPs.
    An example to explain my problem:
    OU A with user PC1 and a computer with computer name PC1; OU B with user PC2 and a computer with computer name PC2. So my GPs are declared on the users PC1 and PC2. I log in as PC1 on computer PC1 and as PC2 on computer PC2, both with different GPs declared on them. But the problem is that I can also log in as user PC2 on computer PC1. How can I deny this?
    Basically I mean, how can I deny logon of users who are members of OU B on computers that are members of OU A, and vice versa?
    I thought that it had something to do with Restricted Groups, but after research I have my doubts!


    thx in advance

  • #2
    Right now I have a tedious way, but I think I will get you another way. If you right-click the user in Active Directory, you have the Account tab, and under it "log in to". You can choose the computers that you want him to log in to. This is a tedious way. The restricted groups meaning each computer will have the following groups, meaning the administrators group will contain administrator and any other account you put inside it.

    The same thing can be done through a GPO. I will update you on how to do it using a GPO.
    Best regards,
    Mostafa Itani

    ** Remember to give credit where credit is due and leave reputation points where appropriate **



    • #3
      Here it is, I promised you by the GPO: Computer Configuration / Windows Settings / Security Settings / Local Policies / User Rights Assignment.

      So you add the group of All users in OU2 and apply Deny Log on Locally for Computers in OU1.
      Best regards,
      Mostafa Itani

      ** Remember to give credit where credit is due and leave reputation points where appropriate **
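
The GPO setting named in #3 accepts users and groups, not OUs, so the "group of all users in OU2" has to exist as a security group. The PowerShell below is an added example, not part of the thread: it mirrors an OU into such a group and defines a check, to run on a target computer, that Deny log on locally (`SeDenyInteractiveLogonRight`) includes that group. The OU paths and group name are placeholders, and it assumes the ActiveDirectory module plus an elevated prompt for `secedit`.

```powershell
Import-Module ActiveDirectory

# Placeholders: replace with your own distinguished names and group name.
$UserOu    = 'OU=B,DC=example,DC=local'       # users to keep off the OU A computers
$GroupOu   = 'OU=Groups,DC=example,DC=local'  # where the group object is stored
$GroupName = 'Deny-Logon-OU-A'                # hypothetical group name

# Create the group once; later runs reuse it.
$group = Get-ADGroup -Filter "Name -eq '$GroupName'"
if (-not $group) {
    $group = New-ADGroup -Name $GroupName -GroupScope Global `
                 -GroupCategory Security -Path $GroupOu -PassThru
}

# Keep membership equal to the users currently in the OU (users moved out are removed).
$wanted  = @(Get-ADUser -Filter * -SearchBase $UserOu -SearchScope Subtree)
$current = @(Get-ADGroupMember -Identity $group | Where-Object objectClass -eq 'user')
$toAdd    = @($wanted  | Where-Object { $_.DistinguishedName -notin $current.distinguishedName })
$toRemove = @($current | Where-Object { $_.distinguishedName -notin $wanted.DistinguishedName })
if ($toAdd)    { Add-ADGroupMember    -Identity $group -Members $toAdd }
if ($toRemove) { Remove-ADGroupMember -Identity $group -Members $toRemove -Confirm:$false }

# This SID is what shows up in the policy once the group is added to "Deny log on locally".
"{0} SID: {1}" -f $GroupName, $group.SID.Value

# Run elevated on a computer in OU A after the GPO has applied (gpupdate /force).
# Returns $true when the given SID is listed for SeDenyInteractiveLogonRight.
function Test-DenyLocalLogon {
    param([Parameter(Mandatory)][string]$Sid)
    $inf = Join-Path $env:TEMP 'user-rights.inf'
    secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null
    $hit = Select-String -Path $inf -Pattern '^SeDenyInteractiveLogonRight\s*=' |
           Select-Object -First 1
    Remove-Item $inf -ErrorAction SilentlyContinue
    if (-not $hit) { return $false }
    # Exported entries look like "*S-1-5-21-...,Guest": strip the leading '*' from SIDs.
    $entries = ($hit.Line -split '=', 2)[1].Split(',') |
               ForEach-Object { $_.Trim().TrimStart('*') }
    return ($entries -contains $Sid)
}
# Example call on the target computer, using the SID printed above:
# Test-DenyLocalLogon -Sid 'S-1-5-21-...'
```

Users added to OU B later are not covered until the sync part is run again, so schedule it or run it as part of account provisioning.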
