Click here to get back home

prevent user from logging on to servers
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
prevent user from logging on to servers Dan 03-31-2006
Posted by Dan on March 31, 2006, 8:22 am
Please log in for more thread options
 There are several users that we'd like to prevent from logging on to
servers. Is there any way to do this?

Thanks,

Dan



Posted by Roger Abell [MVP] on March 31, 2006, 8:29 am
Please log in for more thread options
 Do not grant the user right to Log on locally to those users or to
any group that contains (directly or indirectly) those users.
There is a matching policy to deny that user right, but if possible
a positive statement of who should have the right is best.
For a server, consider defining a group like LocalLogon and
put non-admin accounts that need this right in that group, then
alter the Log on locally user right so that Administrators and
LocalLogon are granted the right. Be sure to allow machine
local accounts that need the right (IWam_, etc.).

You likely have in the user right at present, Users (which itself
has Domain Users, Interactive, and Authenticated Users), Power
Users, and Everyone


> There are several users that we'd like to prevent from logging on to
> servers. Is there any way to do this?
>
> Thanks,
>
> Dan
>
>



Posted by Dan on April 3, 2006, 11:41 am
Please log in for more thread options
Thanks Roger. It sounds like that will suit our purpose.

Dan

> Do not grant the user right to Log on locally to those users or to
> any group that contains (directly or indirectly) those users.
> There is a matching policy to deny that user right, but if possible
> a positive statement of who should have the right is best.
> For a server, consider defining a group like LocalLogon and
> put non-admin accounts that need this right in that group, then
> alter the Log on locally user right so that Administrators and
> LocalLogon are granted the right. Be sure to allow machine
> local accounts that need the right (IWam_, etc.).
>
> You likely have in the user right at present, Users (which itself
> has Domain Users, Interactive, and Authenticated Users), Power
> Users, and Everyone
>
>
>> There are several users that we'd like to prevent from logging on to
>> servers. Is there any way to do this?
>>
>> Thanks,
>>
>> Dan
>>
>>
>
>



Similar ThreadsPosted
preventing users from logging on to servers March 24, 2006, 2:19 pm
Normal user logging onto Win2003 Domain Controller? December 3, 2007, 7:03 am
PKI User certificate auto-enrollment for XP clients not logging onto domain computer May 18, 2007, 11:02 am
User stays logged in to servers. July 25, 2007, 9:20 am
Allowing a Domain User Admin Rights to a Couple of Domain Servers June 29, 2005, 8:13 pm
Logging Access July 11, 2008, 1:26 pm
Problems logging to server December 21, 2005, 1:07 pm
Logging, Login API and SSPI January 24, 2007, 4:31 pm
guest account logging January 29, 2007, 1:09 pm
RRAS SQL Server Logging October 23, 2007, 7:54 pm

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap