General discussion


Restricting User Logons

By jalexander ·
I have a windows 2000 domain and mostly windows 2000 pro pc's. I have a pc that I want only certain authenticated users to be able to logon. How can this be done? Any user can log onto any PC. The profile is created but I have to configure e-mail and internet. I want to restrict users on a specific pc.


This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

by timwalsh In reply to Restricting User Logons

As this applies to a specific PC, the easiest way to do this would be to place the PC in its own OU. Apply a GPO to that OU that gives only specific users the right to log on locally.

This would work in exactly the same way that it does with your DCs. Because the DCs exist in their own OU, you can apply different GPO settings than apply to the rest of the domain. Because GPOs applied to OUs are applied last, they take precedence over GPOs applied to the domain as a whole.

Hope this helps.

Collapse -

by jalexander In reply to Restricting User Logons

Does the logon locally setting apply to the networked environment? The users don't actually have a local logon, they have a network logon.

Collapse -

by srid In reply to Restricting User Logons

Microsoft has included the Concurrent Connection Limiter (Cconnect) utility with Windows 2000 Server Resource Kit. Cconnect lets you limit concurrent logons in both Windows 2000 and NT4 domains but as you will see, it best fits a pure W2K pure environment

use any 3rd party commercial product UserLock offers this addon capability.

Related Discussions

Related Forums