|Subject:||Blocking log-ons to specific computers by specific users|
|Posted by:||JR Raith (james.raithi…@colorado.edu)|
|Date:||Wed, 22 Apr 2009|
I've been pulling my hair out trying to get a GPO going to block
specific users from logging in to specific computers, but it just
doesn't seem to be working. It's a 2003 Server and workstations ranging
from Win98 to WinXP.
I've been testing mostly on a Win2k client as that should work most easily.
It seems ridiculous that I would have to add in every single group to
the "Deny Local Log-on" policy... I also seem to have trouble figuring
out where or how to apply a policy to a specific computer.
Ideally, I'd like to say "Users in Group A are allowed to log on to
Computer 1; all other users are denied." I'd hate to have to add more
than a dozen groups or so to the Deny List before setting this up for
all of the various computers became really, really tedious... Is there a
Thanks and sorry for the newbie question.