GPO restricting logon to Computers

  • Thread starter Thread starter Simon Anderson
  • Start date Start date
S

Simon Anderson

Hi.

We have a collection of users who are managed by a single
department. The user accounts are created in a single
OU. We ONLY want the users to be able to connect to a
nominated list of computers within the organisation.

Is there an easy way to deny the users within an OU from
connecting to any computer in the domain?

Is there an easy way of specifying in addition to the
blanket deny those devices they are allowed to logon on to?

In simple terms I have visiting users who need NO access
to the rest of the domains PCs and for cost reasons do not
wish to have the issue of a seperate domain.
Thanks
Simon
 
You can control user access to a computer by modifying the allow accessing
this computer from the network and deny accessing this computer from the
network user rights assignment [there is a similar setting for local logon].
This setting is in the appropriate security policy in security
settings/local policies/user rights assignments. You could create a group
for those users, and place that group in the "deny" user right assignment
for computers that you do not want them to access. For computers that you
want them to access, use share and/or ntfs permissions to control what
resources are available. --- Steve
 
Here is one solution. The lists must be based on computers in OUs, and you
can use a GPO to modify the Logon Locally rights to computers in a
particular OU

--
Regards,

Christoffer Andersson
No email replies please - reply in the newsgroup
If the information was help full, you can let me know at:
http://www.itsystem.se/employers.asp?ID=1
 
Back
Top