Prohibit multiple users from logging on

[Alice]

I need to prohibit multiple users(10)from logging onto 1
specific machine. There are 10 machines in their area and
they are allowed access to the others. I have group
policies in place for some settings, but am not looking to
enact a policy just for this issue.

W2k AD domain with w2k pro clients

Thanks

 

[Steven L Umbach]

In Local Security Policy [secpol.msc] configure the user right for logon
locally to have just the users or groups you want and remove users and
everyone groups. It is under security settings/local policies/uer rights
assignments. --- Steve

 

[Alice]

Is there a way to do this remotely? I tried just copying
a modified scepol.msc file to the target machine, but the
change did not take.

-----Original Message-----
In Local Security Policy [secpol.msc] configure the user right for logon
locally to have just the users or groups you want and remove users and
everyone groups. It is under security settings/local policies/uer rights
assignments. --- Steve

I need to prohibit multiple users(10)from logging onto 1
specific machine. There are 10 machines in their area and
they are allowed access to the others. I have group
policies in place for some settings, but am not looking to
enact a policy just for this issue.

W2k AD domain with w2k pro clients

Thanks

.

 

[Paul Adare - MVP - Microsoft Virtual PC]

microsoft.public.win2000.security news group, Alice

Is there a way to do this remotely? I tried just copying
a modified scepol.msc file to the target machine, but the
change did not take.

A file with the extension of .MSC is simply an MMC console document and
has nothing to do with whether or not security is applied.

Since you've already got an Active Directory domain in place, why not
just use the simple route and either create a new GPO or add the
required settings to an existing one?

 

[Steven L Umbach]

As Paul suggested put it in it's own OU, otherwise use ntrights [rights are
case sensitive] to configure that user right remotely or create a custom
security template with the needed user rights assigned to it and then copy
that template to the target computer and create a batch file using secedit
to configure that computer with that template by making that batch file a
startup script which you would have to do remotely from another comupter by
running mmc/Group Policy - another computer. After a reboot the computer
should have the new security policy in place. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;279664

Is there a way to do this remotely? I tried just copying
a modified scepol.msc file to the target machine, but the
change did not take.

-----Original Message-----
In Local Security Policy [secpol.msc] configure the user right for logon
locally to have just the users or groups you want and remove users and
everyone groups. It is under security settings/local policies/uer rights
assignments. --- Steve

I need to prohibit multiple users(10)from logging onto 1
specific machine. There are 10 machines in their area and
they are allowed access to the others. I have group
policies in place for some settings, but am not looking to
enact a policy just for this issue.

W2k AD domain with w2k pro clients

Thanks

.