Restrict users to only certain pc's
MittonE
I want to restrict some users so they can only log onto the pc's in their
department.
I know it can be done at each user's properties on the account tab but I was
just wondering if it can be done as a group policy so can add the whole group
at the same time.
Thanks
![Tim Springston [MSFT]'s profile photo](https://lh3.googleusercontent.com/a/default-user=s40-c)
Tim Springston [MSFT]
with this would probably be the user rights assignments for
DenySeInteractiveLogonRight, also known as Deny Interactive Logon.
I would be very cautious about deploying this setting via policy though and
test it prior to putting it into production. When placing an explicit deny,
or implicit deny (as a result of explicit allows minus the user which will
not be allowed) it can be very easy to inadvertantly prevent users access.
You could configure the setting below in a policy linked to the OU which the
department's computers are in. The computers will need Read Allow and Apply
Group Policy Allow permissions.
Setting is:
Computer Configuration-->Windows Settings-->Security Settings-->Local
Policies-->User Rights Assignment. The setting is titled "Deny logon
locally", or alternatively "Allow logon locally" if you decide to engineer
this a little differently.
Please repost if you have any remaining questions.
--
Tim Springston
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.
"MittonE" <eug...@transcircuit.com(Do not Spam)> wrote in message
news:4470088B-E6C4-4884...@microsoft.com...