restrict logins

How do I modify the scecurity settings on a computer to
restrict logins to a certain group of users that login
through a domain controller? I was told to open
administrator tools, select local policies, user rights
assignment, log on locally. There I added the domain
users allowed to login, but it didn't work; all users
could login, not just the ones I put in the list. I was
then told to remove the group "User" from the allowed
list. Now only local accounts or members of
Administrators can login.

On Wed, 22 Oct 2003 07:35:55 -0700, "Bob Rohde" <(E-Mail Removed)>
wrote:

>How do I modify the scecurity settings on a computer to
>restrict logins to a certain group of users that login
>through a domain controller? I was told to open
>administrator tools, select local policies, user rights
>assignment, log on locally. There I added the domain
>users allowed to login, but it didn't work; all users
>could login, not just the ones I put in the list. I was
>then told to remove the group "User" from the allowed
>list. Now only local accounts or members of
>Administrators can login.
Why not just disable the local accounts?

Dave

>-----Original Message-----
>On Wed, 22 Oct 2003 07:35:55 -0700, "Bob Rohde"
<(E-Mail Removed)>
>wrote:
>
>>How do I modify the scecurity settings on a computer to
>>restrict logins to a certain group of users that login
>>through a domain controller? I was told to open
>>administrator tools, select local policies, user rights
>>assignment, log on locally. There I added the domain
>>users allowed to login, but it didn't work; all users
>>could login, not just the ones I put in the list. I was
>>then told to remove the group "User" from the allowed
>>list. Now only local accounts or members of
>>Administrators can login.
>Why not just disable the local accounts?
>
>Dave
>.
>
What are the implications of doing that? Would the local
administrator still be allowed login access?

On Wed, 22 Oct 2003 11:12:56 -0700, "Bob Rohde"
<(E-Mail Removed)> wrote:

>
>>-----Original Message-----
>>On Wed, 22 Oct 2003 07:35:55 -0700, "Bob Rohde"
><(E-Mail Removed)>
>>wrote:
>>
>>>How do I modify the scecurity settings on a computer to
>>>restrict logins to a certain group of users that login
>>>through a domain controller? I was told to open
>>>administrator tools, select local policies, user rights
>>>assignment, log on locally. There I added the domain
>>>users allowed to login, but it didn't work; all users
>>>could login, not just the ones I put in the list. I was
>>>then told to remove the group "User" from the allowed
>>>list. Now only local accounts or members of
>>>Administrators can login.
>>Why not just disable the local accounts?
>>
>>Dave
>>.
>>
>What are the implications of doing that? Would the local
>administrator still be allowed login access?
You would leave the ADMINISTRATOR account available,
but password protect it. There may be a more elegant
solution - I'm not a domain expert. good luck -

Dave