Hi Matt...
Stating the obvious, are the machines in the OU the policy is applied to?
I use that setting here very successfully, allowing training accounts to
only login to certain machines, but forbid them from all others.
And if the machines are in the correct OU, gpupdate /force and a reboot
maybe?
John
Matt Brown
<[EMAIL PROTECTED]
ewu.edu> To
Sent by: [email protected]
[EMAIL PROTECTED] cc
ail.activedir.org
Subject
[ActiveDir] Deny Log on Locally
06/29/2005 04:04
PM
Please respond to
[EMAIL PROTECTED]
tivedir.org
I'm trying to stop certain users from being able to log on to computers in
our lab.
I created a group called 'nsaccess' and then created a group policy and
added the group I created to the following:
Computer Configuration
Windows Settings
Security Settings
Local Policies/User Rights Assignment
Deny log on locally
Deny log on through
Terminal Services
For some reason it's not working. Anybody have any ideas. The users have
local admin rights once they log onto the machine, as I have the
INTERACTIVE
group in the local workstations Administrators group.
Thanks,
--
Matt Brown
Information Technology System Specialist
Eastern Washington University
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
