none
How to prevent users from different domain to logon my domain PC?

    Question

  • I have PCs sitting in a shared area and I would like to prevent users from different domain to logon to my computers. How do I do that with GPO? I searched internet and they suggested "Deny logon locally" I don't think that applies to my case. Said, my users from DomainOne, I don't want users from DomainTwo, DomainThree, etc to logon and use my department computers.

    Thanks,


    Thang Mo

    Monday, March 7, 2016 6:12 PM

Answers

  • I tested and it works.

    "Allow logon locally" GPO will do, just add Administrators and Domain Users for that specific domain I want users to logon.


    Thang Mo

    • Marked as answer by ThangMo Wednesday, March 9, 2016 5:28 PM
    Wednesday, March 9, 2016 5:28 PM

All replies

  • You need to manage a trust relationship between your domains.

    You can create one-way trust for example. where users from your domain can access the resources to other domains, but users from other domains cannot use resources in your domain.

    Managing Trust

    Delegated Authentication and Trust Relationship


    Please click on Propose As Answer or to mark this post as and helpful for other people. This posting is provided AS-IS with no warranties, and confers no rights.

    Monday, March 7, 2016 6:34 PM
  • We have two-ways trust and I can only manage my OU. I am the administrator in my department and manage AD of my department only, not Enterprise Admin or Domain Admin of the entire forest.

    My goal is to prevent other users from other domain to logon my domain computers in shared area. All others like access network resources stay the same.

    I tried "Deny logon locally" but I could not browser objects on other domain (no permission), so I can't do it with GPO. Any work around? thanks.


    Thang Mo

    Tuesday, March 8, 2016 3:09 PM
  • I tested and it works.

    "Allow logon locally" GPO will do, just add Administrators and Domain Users for that specific domain I want users to logon.


    Thang Mo

    • Marked as answer by ThangMo Wednesday, March 9, 2016 5:28 PM
    Wednesday, March 9, 2016 5:28 PM