• Enfield, Waltham Abbey
  • 0844 567 4250


Restrict Logins Using Group Policy

Nov 26

Written by:
Mon, 26 Nov 2012 12:38:09 GMT  RssIcon


Create or select an organizational unit to which the policy will apply.

If you already have an organizational unit (OU) which contains the computers you wish to restrict, select it. otherwise, create an OU for the policy and move the computers that require restricted access into that OU. be sure to apply your other required group policy objects to the OU as well. To create an OU, open "Active Directory Users and Computers" right click on the domain, select "new" and then select "Organizational unit" name the OU and click "OK"


Create a global security group to contain users.

You can apply your group policy to individual users but it is easier to create a group and populate it with members, that way you can easily add or remove people to the group without having to update the policy each time there is a change.


Create the group policy object (GPO)

Open the Group Policy Management plug-in, right click on "Group Policy Objects" and select New, then. name the policy something like "allow logons".


Add your policies to the GPO

You are going to configure two "Local Policies" right click on your GPO and select "edit" expand "Computer Configuration" and "Local policies" click "User Rights Assignment" and double click "Allow log on locally".


Add the group of allowed users

In the properties for Allow log on locally are open, check define these policy settings and add "allow logons" you must also add "local administrators" and "Domain Admins" for obvious reasons :-)


Link the GPO to the OU and set the filtering

The GPO built and applied to the group you created, it needs to be linked to the OU and apply the policy to "Domain Users". Go back to Group policy management, right click on the OU where you want the policy to apply and select "link an existing GPO" select the "allow logons" policy from the list and click OK. in GPM you will see your policy under the OU and if you select the policy entry and select the scope tab you will see that the policy is linked to your OU but it is not enforced. right clickon the link and select "enforced" Then, under Security filtering, add "domain users"



This article was submitted by Tech27 and in no way represents the opinions of Love 4 IT Staff and comes with no guarantees or warranties that the methods described here will work. Always seek advice from a trained professional if you are unsure of the steps you are following. This article is for education purposes only and by following the instructions here in you agree that any damage caused to your systems as a result, Love 4 IT will not be held responsible. In any case, our staff will be happy to answer any questions on behalf of Tech27 who originally submitted this article.

Source images from SpiceWorks

Your name:
Gravatar Preview
Your email:
(Optional) Email used only to show Gravatar.
Security Code
Enter the code shown above in the box below
Add Comment   Cancel 

Contact Us

Have an I.T Problem? Get in touch for an informal chat and find out how we can help

Click here

Blog Calendar

<April 2020>
By continuing to use this site you agree to the use of cookies. To view our policy on cookies click here