Windows 2000 : Deny users access to logon

LuckyTaxi

Diamond Member
Dec 24, 2000
I know you can specify which computers users can log on to, but with over 100 desktops, it would be easier to say which computers they can't log on to. I have over 200 student accounts and there are fewer than 10 computers they shouldn't be able to log on to. This would be easier than listing the other 80 computers which they can log on to. Is this possible?
 

smitty99

Member
Nov 11, 1999
Are you using an NT domain? Active Directory? Details are always nice to have...

Anyhow, as I understand permissions in Windows, deny records take precedence. So, give all users blanket login rights to every machine in the domain, then create deny entries for those ten machines that you don't want them logged in to.
 

SoulAssassin

Diamond Member
Feb 1, 2001
I'm going to make the assumptions that these 200 students don't have local admin access and the people that log in to these 10 machines do. You can remove the Users group from Local Security Policy/User Rights/Log on Locally. Or add/remove other groups as appropriate for your environment.
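
Both suggestions in this thread (a deny entry that takes precedence, or removing the Users group from Log on Locally) can be verified per machine from a security template in the secedit INF format. The script below is an added example, not part of any post; the template text and the `EXAMPLE\Students` group are constructed, and `SeInteractiveLogonRight` / `SeDenyInteractiveLogonRight` are the template names for "Log on locally" and "Deny logon locally".

```python
# Added example: evaluate "Log on locally" for an account from the
# [Privilege Rights] section of a security template (secedit INF format).
# The template text and the EXAMPLE\Students group are constructed.

# Well-known SIDs as they appear in exported templates.
WELL_KNOWN = {"*S-1-5-32-544": "Administrators", "*S-1-5-32-545": "Users"}

SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545
SeDenyInteractiveLogonRight = EXAMPLE\\Students
[Version]
signature="$CHICAGO$"
"""

def parse_privilege_rights(text):
    """Return {right: set of lower-cased principals} from [Privilege Rights]."""
    rights, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
            continue
        if not in_section or "=" not in line or line.startswith(";"):
            continue
        name, _, value = line.partition("=")
        members = {WELL_KNOWN.get(m.strip(), m.strip()).lower()
                   for m in value.split(",") if m.strip()}
        rights[name.strip()] = members
    return rights

def can_log_on_locally(rights, groups):
    """Deny wins over allow; no allow entry at all also means no logon."""
    held = {g.lower() for g in groups}
    if held & rights.get("SeDenyInteractiveLogonRight", set()):
        return False, "denied by SeDenyInteractiveLogonRight"
    if held & rights.get("SeInteractiveLogonRight", set()):
        return True, "allowed by SeInteractiveLogonRight"
    return False, "no group holds SeInteractiveLogonRight"

if __name__ == "__main__":
    rights = parse_privilege_rights(SAMPLE_INF)
    for who, groups in [("student", ["Users", "EXAMPLE\\Students"]),
                        ("staff", ["Users"]), ("admin", ["Administrators"])]:
        print(who, can_log_on_locally(rights, groups))
```

Pass every group the account belongs to, nested memberships included: a staff account that is also a member of the denied group is locked out of the machine as well.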