Block out user
Is it possible in Windows 2000 to block a user of a domain from using a certain machine. I currently have a 2000 Pro machine on a domain. Currently any domain user (which is over 1000 users) can log onto my machine.
Is it possible in Windows 2000 to block a user of a domain from using a certain machine.
I currently have a 2000 Pro machine on a domain. Currently any domain user (which is over 1000 users) can log onto my machine. Is there a way for me to not allow users other than myself to use this machine?
Thanks
Ancker Jade
I currently have a 2000 Pro machine on a domain. Currently any domain user (which is over 1000 users) can log onto my machine. Is there a way for me to not allow users other than myself to use this machine?
Thanks
Ancker Jade
Participate on our website and join the conversation
This topic is archived. New comments cannot be posted and votes cannot be cast.
Responses to this topic
Go to Programs -> Administrative Tools -> Local Security Policy (if you can't see administrative tools, go to Settings -> Taskbar & Start Menu and enable it).
GO to Local Policies -> User Rights Assignment and either add users to "Deny logon locally" or remove them from "Log on locally". Be careful not to remove your own account though (VERY VERY IMPORTANT!!)
--
Xiven
[This message has been edited by Xiven (edited 13 March 2001).]
GO to Local Policies -> User Rights Assignment and either add users to "Deny logon locally" or remove them from "Log on locally". Be careful not to remove your own account though (VERY VERY IMPORTANT!!)
--
Xiven
[This message has been edited by Xiven (edited 13 March 2001).]
Although he has locked himself and local administrator out, has he locked 'Domain Admins' out?
By default the 'Domain Admins' group gets admin rights on workstations.
By default the 'Domain Admins' group gets admin rights on workstations.
Actually there is a way around it..
it's actually pretty neat.
install Windows 2000 Server OR Pro Resource Kit.
(you must also have a win2k box(with admin rights networked to the machine messed up.)
from the command prompt where "ntrights" is type
c:\ntrights -m \\computer -u (user or group) -r SeDenyInteractiveLogonRight
worked like a charm.....
[This message has been edited by ancker (edited 15 March 2001).]
it's actually pretty neat.
install Windows 2000 Server OR Pro Resource Kit.
(you must also have a win2k box(with admin rights networked to the machine messed up.)
from the command prompt where "ntrights" is type
c:\ntrights -m \\computer -u (user or group) -r SeDenyInteractiveLogonRight
worked like a charm.....
[This message has been edited by ancker (edited 15 March 2001).]
