none
Trusted domain deny Computer logon

    Question

  • Hi,

    My computer is joined to the domain "ABC.com"

    We now have a trust with the domain "XYZ.com"

    I want that user in my domain "ABC.com" are not allowed to logon the trusted domain when they start up their PC's.

    Because a user in my domain has accendtly enter his credentials for the trusted domain and had trouble with his PC.

    How to block user login with their PC in a trusted domain ?

    Thank you

    Wednesday, September 25, 2013 9:32 AM

Answers

All replies

  • Hi,

    We could set  "Deny log on locally" to Domain Users in Domain ABC.com to computers in Domain XYZ.com. Or limit "Allow log on locally" user right assignment for the domain-based Group Policy applicable to computers in Domain XYZ.com to Domain Users group in Domain XYZ.com.

    More info at http://social.technet.microsoft.com/Forums/en/winserverGP/thread/466fae2d-3acb-4e08-b65b-4e668f9e97ac

    Or, we could set user's property to restrict what computers users could logon to, right click user name, choose properties, and under account, click log on to, add computer names.

    Regards,

    Yan Li


    Cataleya Li
    TechNet Community Support

    Thursday, September 26, 2013 2:42 AM
    Moderator
  • Hi Yan,

    Thank you for your answer.

    I don't understand exactly what you mean with the "Allow logon lcoally" options.

    My problems is that all my company computers are member of the domain ABC.com. All users that are using those computers logon to the domain ABC.com with a user from the ABC.com domain.

    Now we have a trust with the domain XYZ.com because alls people have a second login in this domain for email accounts.

    I want to deny people from using their XYZ.com credentials to login into the domain XYZ.com from a PC member of the ABC.com domain.

    I hope you understand my request :-)

    Thank you

    Alain

    Thursday, September 26, 2013 1:17 PM
  • Hi,

    The below article should be what you are looking for:

    How to restrict use of a computer  to one domain user only

    http://support.microsoft.com/kb/555317


    Cataleya Li
    TechNet Community Support

    Friday, September 27, 2013 5:32 AM
    Moderator
  • Hi,

    I had a look to your article.

    I've tried the option "C" but how to select a group to deny logon local for ALL USERS in the XYZ.com domain ?

    Thank you

    Alan

    Friday, September 27, 2013 6:07 AM
  • Hi,

    Enable "Deny logon locally" user right to the source domain user account/s:

    Add domain users group in XYZ.com to the policy.

    Regards,

    Yan Li


    Cataleya Li
    TechNet Community Support

    Monday, September 30, 2013 3:18 AM
    Moderator
  • Hi,

    The problem is that I dont have "domain users" group for this XYZ.com domain. 

    When I try to add the group and click "check names" the system doesn't foud the "domain users" . I can find each users separatly but not the group "domain users"

    Regards,

    Alain

    Monday, September 30, 2013 7:41 AM
  • Hi,

    I was finally able to set the "Deny Logon localy" to "Domain Users" for my trusted domain.

    Thank you

    Wednesday, October 02, 2013 7:11 AM