locked
Logon to Workstations for users RRS feed

  • Question

  • Can we allow all workstation except few hosts to users in their logon to.


    Regards Sushain KApoor

    Tuesday, August 13, 2013 11:06 AM

Answers

  • You can control who "Logs On Locally" by configuring the local policy or configuring a group policy.
    http://technet.microsoft.com/en-us/library/cc756809(v=WS.10).aspx

    You also have to ensure that remote desktop users aren't able to connect, by deault this isn't an issue but just make sure that the Remote Desktop Users group only contains those users that you want to be able to connect remotely.
    http://technet.microsoft.com/en-us/library/cc727977(v=WS.10).aspx
    http://technet.microsoft.com/en-us/library/ee791928(v=WS.10).aspx


    --
    Paul Bergson
    MVP - Directory Services
    MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    2008, Vista, 2003, 2000 (Early Achiever), NT4
    Twitter @pbbergs
    http://blogs.dirteam.com/blogs/paulbergson

    Please no e-mails, any questions should be posted in the NewsGroup. This posting is provided "AS IS" with no warranties, and confers no rights.

    • Proposed as answer by Meinolf Weber Tuesday, August 13, 2013 12:34 PM
    • Marked as answer by Mandy Ye Monday, August 19, 2013 1:55 AM
    Tuesday, August 13, 2013 11:56 AM
  • Hi,

    in Active Directory user properties you can only configure a list of computers the user is allowed to log on to.

    An alternative might be to apply a gpo to the list of computers that is not allowed for general users. The GPO should remove the domain users group from the 'users' group and replace it with a group that contains just the users that are allowed.


    MCP/MCSA/MCTS/MCITP

    • Proposed as answer by Meinolf Weber Tuesday, August 13, 2013 12:34 PM
    • Marked as answer by Mandy Ye Monday, August 19, 2013 1:55 AM
    Tuesday, August 13, 2013 11:11 AM
  • Hi,

    In addition to the information others required, you can prevent from users to logon to certain hosts by enabling "Deny logon locally" user right to the users.

    You could refer to the following article to troubleshoot your issues:
    How to restrict use of a computer to one domain user only
    http://support.microsoft.com/kb/555317 Option C

    I hope this helps.

    Regards,


    Mandy Ye

    • Marked as answer by Mandy Ye Monday, August 19, 2013 1:55 AM
    Wednesday, August 14, 2013 9:17 AM

All replies

  • Hi,

    in Active Directory user properties you can only configure a list of computers the user is allowed to log on to.

    An alternative might be to apply a gpo to the list of computers that is not allowed for general users. The GPO should remove the domain users group from the 'users' group and replace it with a group that contains just the users that are allowed.


    MCP/MCSA/MCTS/MCITP

    • Proposed as answer by Meinolf Weber Tuesday, August 13, 2013 12:34 PM
    • Marked as answer by Mandy Ye Monday, August 19, 2013 1:55 AM
    Tuesday, August 13, 2013 11:11 AM
  • You can control who "Logs On Locally" by configuring the local policy or configuring a group policy.
    http://technet.microsoft.com/en-us/library/cc756809(v=WS.10).aspx

    You also have to ensure that remote desktop users aren't able to connect, by deault this isn't an issue but just make sure that the Remote Desktop Users group only contains those users that you want to be able to connect remotely.
    http://technet.microsoft.com/en-us/library/cc727977(v=WS.10).aspx
    http://technet.microsoft.com/en-us/library/ee791928(v=WS.10).aspx


    --
    Paul Bergson
    MVP - Directory Services
    MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    2008, Vista, 2003, 2000 (Early Achiever), NT4
    Twitter @pbbergs
    http://blogs.dirteam.com/blogs/paulbergson

    Please no e-mails, any questions should be posted in the NewsGroup. This posting is provided "AS IS" with no warranties, and confers no rights.

    • Proposed as answer by Meinolf Weber Tuesday, August 13, 2013 12:34 PM
    • Marked as answer by Mandy Ye Monday, August 19, 2013 1:55 AM
    Tuesday, August 13, 2013 11:56 AM
  • Hi,

    In addition to the information others required, you can prevent from users to logon to certain hosts by enabling "Deny logon locally" user right to the users.

    You could refer to the following article to troubleshoot your issues:
    How to restrict use of a computer to one domain user only
    http://support.microsoft.com/kb/555317 Option C

    I hope this helps.

    Regards,


    Mandy Ye

    • Marked as answer by Mandy Ye Monday, August 19, 2013 1:55 AM
    Wednesday, August 14, 2013 9:17 AM