Re: Blocking a group of users from logging onto a wkstn.
From: Cary Shultz [A.D. MVP] (cwshultz_at_mvps.org)
Date: 04/07/04
- Next message: Cary Shultz [A.D. MVP]: "Re: Blocking a group of users from logging onto a wkstn."
- Previous message: Chriss3: "Re: How can I replace NT4 domain with Win2K domain and keep the same domain name"
- In reply to: Herb Martin: "Re: Blocking a group of users from logging onto a wkstn."
- Next in thread: Herb Martin: "Re: Blocking a group of users from logging onto a wkstn."
- Reply: Herb Martin: "Re: Blocking a group of users from logging onto a wkstn."
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 7 Apr 2004 08:02:01 -0400
Herb,
Do it all the time. There is a MSKB Article that shows you how to do this
for the 'local administrators' group but I do it for Power Users. The trick
is that you have to do the first three parts ( according to the MSKB
Article ) on the DC itself and then do the rest from a WIN2000 Pro system
that has the ADMINPAK installed. You have to use the WIN2000 Pro system as
the reference point. In fact, I just did it two days ago for Power
Users.....
Here is the link:
http://support.microsoft.com/?id=320065
Just remember that you are not restricted to the local Administrators
group...
Herb, no worries. I did not see any 'arguing' at all. We all have our
experiences and perspectives. I might do things one way while you might do
things another way. And Thank God for that! We share our ways and ideas
and maybe we come up with yet a better way! or some tiny improvements on
the way I or you do it! Totally agree about sharing ideas and experiences.
Lord only knows how much I miss!
HTH,
Cary
"Herb Martin" <news@LearnQuick.com> wrote in message
news:ufOPRBEHEHA.3032@TK2MSFTNGP09.phx.gbl...
> > Anyway, you could use Restricted Groups via GPO or you could manually do
> it
> > as you suggested...
>
> I like this idea -- I even teach it but no one has yet been able to
> give precise instructions on how it would be accomplished
> (especially with the GUI.)
>
> Has anyone ever tried to actually USE "restricted groups" from
> the domain GPO to specify the membership of a MACHINE
> local group?
>
> I tried and I cannot figure out how to do it. The problem is
> that the "machine local" groups don't show up on the domain
> controller GPO editor when you try to specify the group.
>
> (BTW, I teach about restricted groups too -- I just never
> promise they will work from domain to local machine groups.)
>
> Oh, another thing: I am NOT arguing with YOU (Cary), it just
> seemed like a good place to get some of you smart people to
> figure out a way if I missed it.....<grin>
>
>
> --
> Herb Martin
>
>
- Next message: Cary Shultz [A.D. MVP]: "Re: Blocking a group of users from logging onto a wkstn."
- Previous message: Chriss3: "Re: How can I replace NT4 domain with Win2K domain and keep the same domain name"
- In reply to: Herb Martin: "Re: Blocking a group of users from logging onto a wkstn."
- Next in thread: Herb Martin: "Re: Blocking a group of users from logging onto a wkstn."
- Reply: Herb Martin: "Re: Blocking a group of users from logging onto a wkstn."
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
