![]() ![]() You cannot log on because the logon method you are using is not allowed on this computer. The local policy of this system does not permit you to logon interactivelyĪnd here is the error message they will see on Windows Vista or 7 (the message is the same for both except for the OS name): If you happen to be a user that is not authorized to use a computer, here is the message the user will see on Windows XP: Just as a reference, here is the default configuration for Windows 7:Īllow Log on locally Properties in Windows 7 In my example, I’ve included the local workstation Administrators group, Domain Admins, and an AD group called “Allow Computer Logons.” With this configuration, only user accounts that are members of the local Admins group on the computer or one of the two AD groups are allowed to log in. This policy can be found in Computer Configuration > Policies > Security Settings > Local Policies > User Rights Assignment > Allow log on locally. The “Allow log on locally” setting specifies the users or groups that are allowed to log into the local computer. Just avoid default AD groups like Domain Users or any of the Admin groups if you don’t want to get locked out. In my example, I’ve created a special group just for user accounts that I don’t want logging into an OU of computers. ![]() This policy can be found in Computer Configuration > Policies > Security Settings > Local Policies > User Rights Assignment > Deny log on locally. The “Deny log on locally” specifies the users or groups that are not allowed to log into the local computer. ![]() Deny logon - Setting in Group Policy Editor Deny log on locally ^ ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |