log on locally

This topic contains 2 replies, has 3 voices, and was last updated by Avatar biggles77 1 year, 6 months ago.

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
  • Avatar


    I have 2 questions :
    1. How can i disable the option for all users in my domain to login to all stations? I want to make it by default for all current users and new users

    2.After i did this how can i configure specific users to log on locally to the stations with local admin privileges on the stations?




    If you go into Active Directory Users and Computers, you have the option in user properties to restrict which computers they can log onto. Note this is per user, so depending on the size of your domain it will be a lot of work to restrict them to only a computer.
    If you can be a bit more flexible (group of users can log onto group of computers) you could play with group policies using the Deny Logon Locally user right – even then I would ask WHY you need to restrict users in this way and why you cannot e.g. have an Acceptable Use Policy (with sanctions for non-compliance) combined with auditing to ensure users follow it.

    Local Admins can be set via restricted groups – again depending on the size of the environment, this may be difficult to set up.


    Damn, don’t have a DC at the moment but is that one of the options where you can select multiple User objects, right click, Properties and apply that setting to them all at once? Guess I had better build a DC tomorrow.

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.