Group Policy to control which PC can be log on by who

  • Thread starter Thread starter Carlos
  • Start date Start date
C

Carlos

Hi,

How to create a policy that I can control

PC1, PC2, PC3, PC4, PC5 (can create a group name ?)

to be logged on by user USR1, USR2, USR3, USR4, USR5 only (which a group is
already created).

USR1 to USR5 does not want "other" valid users to logon in their PC.
Meanwhile, the control is done using a BIOS password control which I don't
think is a good approach. Prefer to use GPO.

Thanks

Carlos.
 
Yes you can use GPO.

Create several policies using Computer Configuration\Windows
Settings\Security Settings\Local Policies\User Rights Assignments - Log on
Locally. Add the appropriate group here. The filter the each policy so it
only applies to the corresponding computers (or groups of computers).
 
i know the part user rights assignments - log on locally

how to do the filter ? and how to select on impose to selected users to
selected pc

thanks !!!
 
Create a Group - "Users Allowed to Log onto Computer1". Add the users you
want into this group.

Create a Policy on the OU where your computers are located called "Logon for
Computer1". Under the Log on Locally section add the group "Users Allowed to
Log onto Computer1" and probably Administrators or whatever other IT admin
group you need.

At the moment the policy will apply to all computers in the OU, what we want
to do now is filter the policy so it only applies to Computer1.

To do this, locate the Group Policy and instead of clicking the Edit button
click the Properties button.

Go to the Security tab. For Authenticated Users uncheck Read and Apply Group
Policy. This stops the Policy applying to any and all objects in the OU. Now
we want it to only apply to Computer1, so click Add, locate the Computer1
object and add it in. Then check Read and Apply Group Policy.

Your new policy now only applies to Computer1. Repeat as necessary for
additional computers. If you have a group of computers that the only the
same group of users is allowed to log on to then create a group and add
these computers to the group. Then when you do the policy filtering add the
group in rather than the individual computer names.
 
THANKS !!

It's working now.

Brendon Rogers said:
Create a Group - "Users Allowed to Log onto Computer1". Add the users you
want into this group.

Create a Policy on the OU where your computers are located called "Logon for
Computer1". Under the Log on Locally section add the group "Users Allowed to
Log onto Computer1" and probably Administrators or whatever other IT admin
group you need.

At the moment the policy will apply to all computers in the OU, what we want
to do now is filter the policy so it only applies to Computer1.

To do this, locate the Group Policy and instead of clicking the Edit button
click the Properties button.

Go to the Security tab. For Authenticated Users uncheck Read and Apply Group
Policy. This stops the Policy applying to any and all objects in the OU. Now
we want it to only apply to Computer1, so click Add, locate the Computer1
object and add it in. Then check Read and Apply Group Policy.

Your new policy now only applies to Computer1. Repeat as necessary for
additional computers. If you have a group of computers that the only the
same group of users is allowed to log on to then create a group and add
these computers to the group. Then when you do the policy filtering add the
group in rather than the individual computer names.


Log
Click to expand...
 
Back
Top