VERY new to GPO’s so I apologize if this is simple for some of you.
I’d like to have a GPO only allow a group of users be able to log into a few machines. All other users should get a message of some sort saying you’re not allowed to do this.
Server 2008R2.
This is what I’ve done so far in GPM:
Security Filtering:
Created a GPO where I added the group and the machine.
Delegation:
Changed the permissions on the machine as well as the group to have Read (from Security Filtering) and ticked the box for “apply group policy” under Advanced.
This is what I’ve done so far in the GPME:
Computer Configuration>policies>security settings>local policies>User Rights Assignment
Allow log on locally – I added the group that I want to have the ability to do this.
I can still log into those specific machines without an issue under any user.
Any help would be greatly appreciated.
Thanks.