Hello,
I want to limit user logins. Currently when you are at the login screen the user has the ability to select multiple domains (1 of 5 domains) on our network. I want to enforce a domain wide group policy that restricts it so that only users of a particular domain (C_DOMAIN) have access to its domain PCs (workstation@c-doamin). Our DC are running Windows 2003 Server and all of our workstations are running Windows XP Pro.
Example:
login drop down menu shows
A_DOMAIN
B_DOMAIN
C_DOMAIN
D_DOMAIN
E_DOMAIN
I want it so only user@CDOMAIN has the ability to login to C_DOMAIN PC. Can not do anything with Trust we share to many data base. We are not trying to prevent accessing shares on C_DOMAIN that have they have permissions too, nor do we want to block C_DOMAIN users from accessing shares on the other 4 domains if they have permissions too.
We are trying to prevent them from using C_DOMAINs workstations. Each domain is a different agency. The situation is the users in Domain A and D do not have Internet access on the workstations in their domain. Thus they login to C_DOMAIN PC once in a while, so they can surf the web. Plus we just do not want them being able to login on C_DOMAIN PCs. I was hoping to find a group policy that would solve this problem.
Thanks for your assistance,
Greg
Group Policy - Computer Configuration - Windows Settings - Security Settings - Local Policy - User Rights Assignment - Allow Logon Locally
Grant the "Allow Logon Locally" to the Groups that you want to have the right.
Assign the Policy to the Container that holds the Machines in your Domain.