 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
Windows Server Forum / Windows 2000 / Security / August 2005Disabling Interactive Login
We've been working on an in-house application that works through an portal. Users who log-in through this portal use LDAP to authenticate through Active Directory. Is is possible to make these logins disabled from being able to Interactively Login to a desktop machine on the domain..? If so which method would be the best way..? Using Group Policies or is there a better option within Active Directory. Thanks, You can configure security policy which is a subset of Group Policy to modify user rights for logon locally or deny logon locally. For instance you could create a global group and add it to the deny logon locally user right via Group Policy to all computers in a domain or Organizational Unit. Be careful with deny user rights as they override the companion allow user right and keep in mind that administrators are members of users, authenticated users, and everyone groups. --- Steve > We've been working on an in-house application that works through an > portal. [quoted text clipped - 10 lines] > > Thanks, Is it possible to create this sort of a policy and apply it only to a Group of users rather than to a whole Domain..? My biggest concern is applying a policy that will lock all users down, this is only required for users in a specific OU > You can configure security policy which is a subset of Group Policy to > modify user rights for logon locally or deny logon locally. For instance [quoted text clipped - 18 lines] > > > > Thanks, Sure. Create the global group you want to deny access to, add the users to the group, and then give this group deny logon locally user right to the computers you do not want them to logon to interactively which can be done via Group Policy at the domain or OU level. --- Steve > Is it possible to create this sort of a policy and apply it only to a > Group [quoted text clipped - 26 lines] >> > >> > Thanks, Is there a website that discribes how to create this Security Policy within a Group Policy..? I've created a Group Policy within the OU, but I haven't been able to find out how to apply the "deny logon locally user right".. Thanks > Sure. Create the global group you want to deny access to, add the users to > the group, and then give this group deny logon locally user right to the [quoted text clipped - 31 lines] > >> > > >> > Thanks, Open the Group Policy as an administrator and go to computer configuration/Windows settings/security settings/local policies/user rights and you can then configure user rights to your needs. --- Steve > Is there a website that discribes how to create this Security Policy > within a [quoted text clipped - 45 lines] >> >> > >> >> > Thanks, Figured the reason it wasn't working was because in the Permission tab of the Group Policy, Authenticated users didn't have the "Apply Policy" checked. Used the policy and applied it against a Group and the Policy worked.. Note for anyone else out there doing the same thing. Also remember to remove them from having Terminal Services access and your pretty much right. > Open the Group Policy as an administrator and go to computer > configuration/Windows settings/security settings/local policies/user rights [quoted text clipped - 49 lines] > >> >> > > >> >> > Thanks, |
Reply to this Message |
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.