We are doing basically the same as the article, very easy, configurable, etc. Assuming you don't have your servers in the same OU as your workstations, you would apply the GPO to the top-level OU for the workstations. I did not create the security group because we are only denying logon for two users.
Jim

From: N Parr [mailto:[email protected]]
Sent: Tuesday, December 20, 2011 8:38 AM
To: NT System Admin Issues
Subject: GPO - Deny Logon Locally to everyone in OU?

So I have an OU that contains users that exist only so they can have an email address. I don't want them to be able to log on locally to any workstation. But they still need to have logon access to the Exchange server for their webmail, and in a lot of cases I have workstations with generic logons and multiple Outlook profiles configured. Users constantly think because they have a logon they can log on to any computer.

I found this article that seems to give me one solution. http://www.petri.co.il/forums/showthread.php?t=10183

I would prefer to use AD to accomplish this, not a script. This article is rather old, referencing 03 AD, and I'm on 08R2 now. Just asking if anyone else has done this with another or easier solution. I thought about just assigning these people a logon script that issues a logoff command, but the username is case sensitive in a logon script and it would be a pain to manage. Only concern I have is making sure everyone has logon access to Exchange so they can get their mail.
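An added example, not part of the original thread: the "Deny log on locally" right discussed above is stored as `SeDenyInteractiveLogonRight` under `[Privilege Rights]` in a GPO's security template (GptTmpl.inf) and in `secedit /export` output. This Python sketch parses such a template and checks that the mail-only accounts are listed and that no broad well-known group has been added to the deny list; the sample template, its SIDs and the function names are constructed for illustration, and the caller is assumed to have already decoded the file to text.

```python
import configparser

# Constructed sample of a security template; the domain SIDs are made up.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
[Privilege Rights]
SeDenyInteractiveLogonRight = *S-1-5-21-1111111111-2222222222-3333333333-1105,*S-1-5-21-1111111111-2222222222-3333333333-1106
SeDenyNetworkLogonRight = *S-1-5-32-546
"""

# Well-known broad principals. A deny right on any of these locks out
# far more than the mail-only users the policy is meant for.
BROAD = {"S-1-1-0": "Everyone", "S-1-5-11": "Authenticated Users",
         "S-1-5-32-544": "Administrators", "S-1-5-32-545": "Users"}

def privilege_rights(inf_text):
    """Return {right_name: [principal, ...]} from the [Privilege Rights] section."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep the case of the right names
    cp.read_string(inf_text)
    if not cp.has_section("Privilege Rights"):
        return {}
    # Entries are comma separated; SIDs carry a leading '*', account names do not.
    return {name: [p.strip().lstrip("*") for p in value.split(",") if p.strip()]
            for name, value in cp.items("Privilege Rights")}

def audit(inf_text, expected_denied):
    """Compare the deny-log-on-locally list with the accounts that should be on it."""
    denied = set(privilege_rights(inf_text).get("SeDenyInteractiveLogonRight", []))
    return {
        "missing": sorted(set(expected_denied) - denied),
        "too_broad": sorted(BROAD[s] for s in denied if s in BROAD),
    }

if __name__ == "__main__":
    mail_only = ["S-1-5-21-1111111111-2222222222-3333333333-1105",
                 "S-1-5-21-1111111111-2222222222-3333333333-1106"]
    print(audit(SAMPLE_INF, mail_only))
```
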
