Group Policy How-To question

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Does anyone know how I might limit a users access to logging into a
workstation? We have a large group of users who need to be in our directory
but we do not want them to have the ability to sit down and login to a
machine on our network. They are external customers and not employees. How
would I allow a webserver to verifiy them and their rights but not allow them
to login to a workstation?
 
There is a user rights called logon locally and deny logon locally that can
be used to configure what users can logon to a computer. The deny overrides
any allow permissions. Often it is easier to assign users to groups and then
grant just those groups that you want to be able to logon to the logon
locally user right. You can configure such in Local Security Policy/security
settings/local polices/user rights. For more than a few domain computers you
can configure at the Organizational Unit level after creating a Group Policy
for the OU and move those computers into the OU that you want to restrict
who logs onto them. --- Steve
 
Would configuring the user object with the "Log on to" work? (presuming
there isn't a lot of consultants?)

Ken
 
Back
Top