[gptalk] Re: Prohibit 'Log On To' via GPO?

  • From: "Harding, Devon" <dharding@xxxxxxxxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Mon, 11 Feb 2008 11:14:46 -0500

Yes, but isn't this type of policy applied computer objects only?  If
this is the case, I would have to apply it to all Domain Computers?  And
what about trusted computers?

 

-Devon 

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Nelson, Jamie R
Sent: Monday, February 11, 2008 11:08 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Prohibit 'Log On To' via GPO?

 

Using the "deny local logon" setting is probably your best option.
Create a generic group for your domain named something like "Block Local
Logon" and apply it via Group Policy.

 

Then all you have to do from that point forward is nest any groups of
users you want to prohibit from logging on inside of that group. If they
most definitely will not require the ability to logon at some point in
the future, this is the only way I can think of to do it quickly.

 

Jamie Nelson | Systems Engineer | Systems Support, Information
Technology | I N T E G R I S Health | Phone 405.552.0903 | Fax
405.553.5687 | http://www.integrisok.com <http://www.integrisok.com/> 

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Harding, Devon
Sent: Monday, February 11, 2008 10:03 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Prohibit 'Log On To' via GPO?

 

That's what I want to do, but I want  it based of group membership, so I
wouldn't have to do it manually every time.  Is this possible?

 

-Devon 

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of hans straat
Sent: Saturday, February 09, 2008 3:45 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Prohibit 'Log On To' via GPO?

 

Harding,
 
I think you should configure Logonon only to this computer in his
account and leave that blanc. Not sure if that would work but that is
the quick solution that pops up in my mind.
 
regards,
Hans Straat
www.datacrash.net




 

________________________________

Subject: [gptalk] Prohibit 'Log On To' via GPO?
Date: Fri, 8 Feb 2008 17:40:38 -0500
From: dharding@xxxxxxxxxxxxxxxx
To: gptalk@xxxxxxxxxxxxx; ActiveDir@xxxxxxxxxxxxxxxxxx

Is it possible to prohibit a group of users from logging on to any
computer in a domain and only have the ability to authenticate?  We need
this for our VPN consultants.

 

Devon Harding

Windows Systems Engineer

Southern Wine & Spirits - BSG

954-602-2469

 

 

________________________________

This message is the property of Southern Wine & Spirits or its
affiliates. It is intended only for the use of the individual or entity
to which it is addressed and may contain information that is non-public,
proprietary, privileged, confidential, and exempt from disclosure under
applicable law or may constitute as attorney work product. If you are
not the intended recipient, you are hereby notified that any use,
dissemination, distribution, or copying of this communication is
strictly prohibited. If you have received this communication in error,
notify us immediately by telephone and (i) destroy this message if a
facsimile or (ii) delete this message immediately if this is an
electronic communication. 
Thank you. 

________________________________

This e-mail may contain identifiable health information that is subject
to protection under state and federal law. This information is intended
to be for the use of the individual named above. If you are not the
intended recipient, be aware that any disclosure, copying, distribution
or use of the contents of this information is prohibited and may be
punishable by law. If you have received this electronic transmission in
error, please notify us immediately by electronic mail (reply).

 

________________________________

This e-mail may contain identifiable health information that is subject
to protection under state and federal law. This information is intended
to be for the use of the individual named above. If you are not the
intended recipient, be aware that any disclosure, copying, distribution
or use of the contents of this information is prohibited and may be
punishable by law. If you have received this electronic transmission in
error, please notify us immediately by electronic mail (reply). 

Other related posts: