Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

deny certain user from specific pcs

Status
Not open for further replies.
77zxmax

77zxmax

MIS
Dec 28, 2004
45
CA
Greeting
we have a server with DC , and about 10 windows xp clients:
we have usernames and password created for each client user
and we also have one public username and password eg: username = user and password = user

now lets say i don't want computer #1 to be accessed with that public username and password ..
how would i do that ?

i hope i was clear explaining
thanks in advance
 
Sort by date Sort by votes
Hi there,

In 2003 you can open Active Directory users and computers. Simply right-click the user name in question and go to properties. Choose the account tab and then Log on to command button.

I hope it is the same on 2000.

Regards,

Peter

Remember- It's nice to be important,
but it's important to be nice :)
 
Upvote 0 Downvote
The above would work if you want to specify allowed locations to log on to, which may be a more common rule for a generic account. If you still would rather just deny certain computers, then you would use group policy (either through OU or on local PC). There is a setting under Computer Configuration --> Windows Settings --> Security Settings --> Local Policies --> User Rights Assignment that lists users and groups to "Deny log on locally
 
Upvote 0 Downvote
Deny logon locally only works to deny logon to server. If you created the users in AD you should be able to specify where certains usernames can logon to what machines.

Check out our website
 
Upvote 0 Downvote
so i guess petrosky had the best solution for this ?
 
Upvote 0 Downvote
77zxmax-

It all depends on how you want to manage it. Either way works, it is just a matter of how many machines need to be touched or entered in some list. You asked about deny and that is the way I answered.

If you only want the generic user denied from computer #1 but allowed everywhere else, then you have to list 9 computers in the "Log on to" list. Or you could just go to computer #1 and deny it there. And if you add more computers, then you have to maintain the "Log on to" list.

If you only want the generic login to be used on one or two computers and denied everywhere else, then definitely use the "Log on to" list. Otherwise you would have to keep denying the login on new machines.

I don't know why arsbargains replied the way he did. Deny logon locally is valid for non-server versions of 2000/XP. If you apply it to a group of machines through AD GPO, then those machines will deny that list or group of users. If you apply it locally through gpedit, then it will be valid on the local machine whether it is server or workstation.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

nukeinfer
  • Locked
  • Question
Internet restrictions for isolated PCs in the Network
Replies
1
Views
240
mangentle
mangentle
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
308
DrB0b
DrB0b
goombawaho
  • Locked
  • Question
Domain join from wifi connected laptop
Replies
4
Views
413
goombawaho
goombawaho
penguinroundup
  • Locked
  • Question
programmatically delete all saved passwords for IE for any user
Replies
0
Views
102
penguinroundup
penguinroundup
maybeimaleo
  • Locked
  • Question
Can SMTP Be Migrated From 2008 R2 to 2019?
Replies
1
Views
120
maybeimaleo
maybeimaleo

Part and Inventory Search

Sponsor

Back
Top