Heya ppl - need your help here. I got my system up running and has, of course, a windows 2000 DC to control the show, but I would like to set the settings at the DC so that it was impossible to logon to any of the workstations locally. I've been experimenting with the policy for different OUs, and set the "Deny Logon Locally" to my Groups and.. *ahem* Everyone, but no go there.
I even took the chance and changed the Domain Security settings without using the Analysis and Comfiguration in the MMC. Still no go.

Can anybody tell me where I disable the local logon feature for both 2K and XP clients ?

If there's anything to it, can I inform that the system is using Roaming Profiles as well.


Sincerly
-Daxziz

It is set in Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment.

The deny log on locally in that panel will override the allow log on locally policy. So make sure whoever should be able to log on locally is not in the deny group.

Thx w00dy - I'll be sure to give this a try tomorrow.


-Daxziz

yes

Hmm....what would I do? Probably pull the monitors off the computers and sell them to a couple of dodgy gypsies that tried robbing my garden tools yesterday. Just a thought...

With which users are u trying to log on from the clients? because the standard domain controller policy doesn't allow non-admins to log on,

You'll have to change this in the Domain Controller Policy.