Re: Restricting User Logon with Group Policy
- From: "Dmitry Korolyov [MVP]" <d__k@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 29 Aug 2005 22:07:29 +0400
You need to modify the security privilege called "Log on locally". It can be
found under Computer Configuration\Windows Settings\Security Settings\Local
policies\user rights assignment.
By default, a lot of accounts are granted this privilege, e.g.
"Administrator", Power Users, Users and so on, depending on your current
configuration. Basically, you need to modify it allowing only Administrators
and your user account to log on locally, removing all other entries from the
list. But you might need to keep some groups or accounts depending on your
security model.
Then just apply this GPO so it affects all computer accounts where only this
user should be able to log in.
--
Dmitry Korolyov [d__k@xxxxxxxxxxxxxxxxxxxxxx]
MVP: Windows Server - Directory Services
"kelmel" <kelmel@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:442C6D63-D7CE-49D6-A2B0-8210311BACC4@xxxxxxxxxxxxxxxx
> Hi,
>
> I have several computers that I need one user to log on to them and all
> other users to be restricted. I am confused about which group policy
> setting
> would work the best. I have a 2003 domain and the workstations are XP.
> Thanks!
.
- References:
- Restricting User Logon with Group Policy
- From: kelmel
- Restricting User Logon with Group Policy
- Prev by Date: Re: User Migration - Move accounts to Contacts for GAL
- Next by Date: Re: Restrict who can view an attribute.
- Previous by thread: Restricting User Logon with Group Policy
- Next by thread: RE: Restricting User Logon with Group Policy
- Index(es):
Relevant Pages
|
