Block out user
This is a discussion about Block out user in the Windows Networking category; Is it possible in Windows 2000 to block a user of a domain from using a certain machine. I currently have a 2000 Pro machine on a domain. Currently any domain user (which is over 1000 users) can log onto my machine.
Is it possible in Windows 2000 to block a user of a domain from using a certain machine.
I currently have a 2000 Pro machine on a domain. Currently any domain user (which is over 1000 users) can log onto my machine. Is there a way for me to not allow users other than myself to use this machine?
Thanks
Ancker Jade
I currently have a 2000 Pro machine on a domain. Currently any domain user (which is over 1000 users) can log onto my machine. Is there a way for me to not allow users other than myself to use this machine?
Thanks
Ancker Jade
Participate in our website and join the conversation
This subject has been archived. New comments and votes cannot be submitted.
Mar 9
Mar 18
0
2 minutes
Responses to this topic
Go to Programs -> Administrative Tools -> Local Security Policy (if you can't see administrative tools, go to Settings -> Taskbar & Start Menu and enable it).
GO to Local Policies -> User Rights Assignment and either add users to "Deny logon locally" or remove them from "Log on locally". Be careful not to remove your own account though (VERY VERY IMPORTANT!!)
--
Xiven
[This message has been edited by Xiven (edited 13 March 2001).]
GO to Local Policies -> User Rights Assignment and either add users to "Deny logon locally" or remove them from "Log on locally". Be careful not to remove your own account though (VERY VERY IMPORTANT!!)
--
Xiven
[This message has been edited by Xiven (edited 13 March 2001).]
OP
OK thanks...it worked..
but i told me colleague that he should also restrict access...and he did just that..he locked himself(including local administrator) out of his machine..
what can be done??
but i told me colleague that he should also restrict access...and he did just that..he locked himself(including local administrator) out of his machine..
what can be done??
Oh dear, I did warn you AFAIK There's no easy way around it other than to use an emergency repair disk. Hope someone else has a better suggestion.
Although he has locked himself and local administrator out, has he locked 'Domain Admins' out?
By default the 'Domain Admins' group gets admin rights on workstations.
By default the 'Domain Admins' group gets admin rights on workstations.
OP
Actually there is a way around it..
it's actually pretty neat.
install Windows 2000 Server OR Pro Resource Kit.
(you must also have a win2k box(with admin rights networked to the machine messed up.)
from the command prompt where "ntrights" is type
c:\ntrights -m \\computer -u (user or group) -r SeDenyInteractiveLogonRight
worked like a charm.....
[This message has been edited by ancker (edited 15 March 2001).]
it's actually pretty neat.
install Windows 2000 Server OR Pro Resource Kit.
(you must also have a win2k box(with admin rights networked to the machine messed up.)
from the command prompt where "ntrights" is type
c:\ntrights -m \\computer -u (user or group) -r SeDenyInteractiveLogonRight
worked like a charm.....
[This message has been edited by ancker (edited 15 March 2001).]
Nice. I'll have to remember that one 
Hmmm.... couldn't find that ntrights thing you were talking about, tried installing every little thing hidden on the 2k server cd - still no joy.
OP
It's on the Windows 2000 Resource Kit CD..not the windows 2000 CD
Ancker
Ancker
