Blocking log-ons to specific computers by specific users

Giganews Newsgroups
Subject: Blocking log-ons to specific computers by specific users
Posted by:  JR Raith (james.raithi…
Date: Wed, 22 Apr 2009

Hi Again,

I've been pulling my hair out trying to get a GPO going to block
specific users from logging in to specific computers, but it just
doesn't seem to be working. It's a 2003 Server and workstations ranging
from Win98 to WinXP.

I've been testing mostly on a Win2k client as that should work most easily.

It seems ridiculous that I would have to add in every single group to
the "Deny Local Log-on" policy... I also seem to have trouble figuring
out where or how to apply a policy to a specific computer.

Ideally, I'd like to say "Users in Group A are allowed to log on to
Computer 1; all other users are denied." I'd hate to have to add more
than a dozen groups or so to the Deny List before setting this up for
all of the various computers became really, really tedious... Is there a
better way?

Thanks and sorry for the newbie question.