We have a situation where would like to prevent a specific user from logging on to a specific machine or group of machines. I'm pretty sure there is a way in Active Directory to do this, but I can't find the right policy setting. Does anyone know how? Basically I want to say something like "deny logon access to user user_1 to machines in group2". Thanks!