Question about logging on to a group of computers

djtony

Hi all,

How can I set up the security for the following case?

CompanyXYZ has 2 working locations -- AreaSales and AreaAccount.
40 computers located in AreaSales. 40 computers located in AreaAccount.
DomainXYZ has 2 groups -- GrpSales and GrpAccount

How can I permit the GrpSales user to access SalesComputer only but not
AccountComputer?
And permit the GrpAccount user to access AccountComputer only but not
SalesComputer?

Thanks

tony
 
Hi,

Use "Allow log on locally" policy on the computers (e.g. local policy or
group policy if these computers are part of Active Directory).

In this case only GrpSales would have "Allow log on locally" permission on
the computer in SalesComputer.

Policy is located here Computer Configuration\Windows Settings\Security
Settings\Local Policies\User Rights Assignment\

Here is the description of the policy...

Allow log on locally
http://www.microsoft.com/technet/pr...elp/15744f9c-e188-4fac-ac60-9380a58b30ae.mspx

Note: be careful with Deny log on locally (and other Deny policies) since
you can lock yourself out from the computer if you are not careful.

Note: by default the Users group will have permission to log on locally. If
this computer is a member of a domain you have to remove Users from this
policy...
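A check for the setup described in the answer above, as an added example that is not part of the original post: it parses the `[Privilege Rights]` section of a `secedit /export` file and reports whether Users still holds "Allow log on locally" (`SeInteractiveLogonRight`) or a Deny entry risks a lockout. The GrpSales SID, the sample exports and the function names are constructed for illustration.

```python
# Added example: audit the "Allow log on locally" right in a secedit export.
# A real export comes from:  secedit /export /cfg rights.inf /areas USER_RIGHTS
# (the file is UTF-16, so open it with encoding="utf-16").
USERS = "S-1-5-32-545"            # BUILTIN\Users (well-known SID)
ADMINISTRATORS = "S-1-5-32-544"   # BUILTIN\Administrators (well-known SID)
GRP_SALES = "S-1-5-21-1111111111-2222222222-3333333333-1105"  # constructed SID

def parse_rights(inf_text):
    """Return {right name: set of principals} from the [Privilege Rights] section."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line:
            name, _, value = line.partition("=")
            # Entries are "*SID" (or a plain account name); drop the "*" marker.
            members = {m.strip().lstrip("*") for m in value.split(",") if m.strip()}
            rights[name.strip()] = members
    return rights

def audit_local_logon(inf_text, allowed_group):
    """List problems with the local logon rights of one exported computer."""
    rights = parse_rights(inf_text)
    allow = rights.get("SeInteractiveLogonRight", set())
    deny = rights.get("SeDenyInteractiveLogonRight", set())
    findings = []
    if USERS in allow:
        findings.append("Users still has Allow log on locally")
    if allowed_group not in allow:
        findings.append("intended group lacks Allow log on locally")
    if ADMINISTRATORS not in allow:
        findings.append("Administrators missing: lockout risk")
    if deny & (allow | {ADMINISTRATORS}):  # Deny takes precedence over Allow
        findings.append("Deny log on locally overlaps an allowed principal")
    return findings

# Constructed sample exports for one computer in AreaSales.
DEFAULT_EXPORT = """[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545
[Version]
Revision=1
"""
RESTRICTED_EXPORT = DEFAULT_EXPORT.replace("*S-1-5-32-545", "*" + GRP_SALES)

if __name__ == "__main__":
    print(audit_local_logon(DEFAULT_EXPORT, GRP_SALES))
    print(audit_local_logon(RESTRICTED_EXPORT, GRP_SALES))
```
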
 
It worked!!
Thanks a lot!



Miha Pihler said:
Hi,

Use "Allow log on locally" policy on the computers (e.g. local policy or
group policy if these computers are part of Active Directory).

In this case only GrpSales would have "Allow log on locally" permission on
the computer in SalesComputer.

Policy is located here Computer Configuration\Windows Settings\Security
Settings\Local Policies\User Rights Assignment\

Here is the description of the policy...

Allow log on locally
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/15744f9c-e188-4fac-ac60-9380a58b30ae.mspx

Note: be careful with Deny log on locally (and other Deny policies) since
you can lock yourself out from the computer if you are not careful.

Note: by default the Users group will have permission to log on locally. If
this computer is a member of a domain you have to remove Users from this
policy...
 