How to prevent users from different domain to logon my domain PC?

All replies

• 

  

  0

  Sign in to vote

  You need to manage a trust relationship between your domains.

  You can create one-way trust for example. where users from your domain can access the resources to other domains, but users from other domains cannot use resources in your domain.

  Managing Trust

  Delegated Authentication and Trust Relationship

  ---

  Please click on Propose As Answer or to mark this post as and helpful for other people. This posting is provided AS-IS with no warranties, and confers no rights.

  • Proposed as answer by Rick_LiMicrosoft contingent staff, Moderator Tuesday, March 8, 2016 8:46 AM

  Monday, March 7, 2016 6:34 PM

  Reply

  |

  Quote
• 

  

  0

  Sign in to vote

  We have two-ways trust and I can only manage my OU. I am the administrator in my department and manage AD of my department only, not Enterprise Admin or Domain Admin of the entire forest.

  My goal is to prevent other users from other domain to logon my domain computers in shared area. All others like access network resources stay the same.

  I tried "Deny logon locally" but I could not browser objects on other domain (no permission), so I can't do it with GPO. Any work around? thanks.

  ---

  Thang Mo

  Tuesday, March 8, 2016 3:09 PM

  Reply

  |

  Quote
• 

  

  0

  Sign in to vote

  I tested and it works.

  "Allow logon locally" GPO will do, just add Administrators and Domain Users for that specific domain I want users to logon.

  ---

  Thang Mo

  • Marked as answer by ThangMo Wednesday, March 9, 2016 5:28 PM

  Wednesday, March 9, 2016 5:28 PM

  Reply

  |

  Quote