How to create this type of GROUP POLICY in Win 2003 Server?

Toggle sidebar Toggle sidebar
M

meerakbarali

Honorable
Oct 11, 2012
15
0
10,510
In our company we have win 2003 server and 200 winxp clients. Our previous Administrator created a gpo I don’t know how he is created for user login

Suppose if xyz user joined the company, we will create a user in that particular OU on the server, when he want to log on,in winxp client system he will get error message stating that

“The system could not log on, Make sure user name and Domain is correct, then type your password again letter in passwords must be typed using the correct case.”

Unless or until a administrator go and add user account of that particular user in control panel of winxp system, USER can’t able to log in that system, After adding the user in control panel User able to login and access the network resources.


I think it is very good policy, without administrator permission a user can’t sit any system on the floor

But I don’t know how to create this type of policy, Can anybody help me in this regards

Meer Akbar Ali
 
Sort by date Sort by votes
hang-the-9

hang-the-9

Titan
Mar 25, 2010
60,387
1,081
152,940
That's not a policy, when they logon the default is the local computer name, if you create a domain user, you need to change the drop-down to the domain name. It sounds like you are confusing local accounts with network accounts and how you use either one.
 
Upvote 0 Downvote
M

meerakbarali

Honorable
Oct 11, 2012
15
0
10,510



iam not in confusion but we have the policy even though i could not understand it, i check all policies but all policies relating to login are showing not configured.

After creating user in the server, we need to add in the local machines user account in local machine control panel.

xp- control panel- user accounts- add or browse to select the user from server, After browseing it automatically check the domain name, after that a user can login to local machine.

Regards
Meer Akbar Ali
 
Upvote 0 Downvote
hang-the-9

hang-the-9

Titan
Mar 25, 2010
60,387
1,081
152,940


So when they logon, they logon to the domain, not the local computer? The logon to name is the domain name correct?

The only policy that would affect local logon is if you deny logon to local computers to certain groups and users, but then you would see a different message.

http://msdn.microsoft.com/en-us/library/ms813877.aspx

You can also setup users that are only allowed to logon to certain computers. We do that at times when we have a special account that needs to be on one computer for a vendor system and things like that.
 
Upvote 0 Downvote
M

meerakbarali

Honorable
Oct 11, 2012
15
0
10,510
Exactly they logon to domain with gpo restriction, not local computer, we have Two groups say ABC and xyz, (ABC as USERS, XYZ as MANAGERS)

For ABC we restrict all desktop icons not to save file and hide local drives even right click also,

For XYZ group we gave them saving options in folders and drives, they can also acces drives.

As per your link i will try and reply you.

But how to setup users that are only allowed to logon to certain computers?

Regards
Meer Akbar Ali
 
Upvote 0 Downvote
hang-the-9

hang-the-9

Titan
Mar 25, 2010
60,387
1,081
152,940


From your restrictions, you may have setup folder rights to strictly. If the user accounts do not have rights to save files to the disk, they can't create the user folders needed.

If you look at the user accounts in AD, you will see a thing called "logon to", you can set the systems to allow logon in there.
 
Upvote 0 Downvote
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom