1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Remotely manage Local Security Settings?

Discussion in 'Networking' started by StumpedTechy, Jul 21, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. StumpedTechy

    StumpedTechy Thread Starter

    Joined:
    Jul 7, 2004
    Messages:
    7,234
    On all XP machines there is a Local Security Settings plugin that allows you to Deny users logins -

    Admininstrative Tools > Local security settings > Local policies > User Rights Assignment > Deny log on locally

    Is there any way to modify this setting on a remote computer short of having to Remote Desktop to it and bring it down? Nowhere in the box is any option to connect to a remote computer.

    I guess this could be put in the XP section.
     
  2. Couriant

    Couriant Trusted Advisor

    Joined:
    Mar 26, 2002
    Messages:
    32,486
    First Name:
    James
    As a domain admin, you can use mmc to set up the Local Group Policy on any machine.

    (I think you can :D I will need to check my notes but I'm sure you can)
     
  3. StumpedTechy

    StumpedTechy Thread Starter

    Joined:
    Jul 7, 2004
    Messages:
    7,234
    Recheck your notes I can't see the local security settings anywhere on the domain policies. When I connect to the PC remotely using the mmc this only shows a limited number based on the domain information (but does not connect to the local).

    I found a MS KB article - http://support.microsoft.com/kb/Q274478

    But this is really talking about 2000 and NT and were on XP and 2003. I did try the middle sction about "Take the entries found in the Local Group Policy Object which are stored in the %Systemroot%\System32\GroupPolicy folder, and then copy them to other clients where you also want to apply these Local Group Policy settings." Which sounded like it should work... but didn't apply on the copied to PC.
     
  4. Couriant

    Couriant Trusted Advisor

    Joined:
    Mar 26, 2002
    Messages:
    32,486
    First Name:
    James
    Go to MMC > File > add/remove snap in > Add > select Group Policy Object Editor > click Browse > select Computers Tab, add the computer name > OK the rest.

    Pictures are end result. But having said that, I could not find for the life of me the Deny Log On Locally. I thought it was in GP.
     

    Attached Files:

  5. Couriant

    Couriant Trusted Advisor

    Joined:
    Mar 26, 2002
    Messages:
    32,486
    First Name:
    James
    I think that's not the right thing... opps :eek:
     
  6. Couriant

    Couriant Trusted Advisor

    Joined:
    Mar 26, 2002
    Messages:
    32,486
    First Name:
    James
    Hey ST:

    I spoke to my Network Admin teacher and he suggested something which I'm sure you have seen, but if you are wanting a user to log in only to one machine, then under the properties of the user account > Account tab > Log On To button and then you can specify the computer/s that the user can use. Is that what you are looking for?
     
  7. StumpedTechy

    StumpedTechy Thread Starter

    Joined:
    Jul 7, 2004
    Messages:
    7,234
    Yup... the problem is we want most users to be able to move around so this log onto is too restrictive. The path/instructions you provided does not show the Deny log onto. Actually I think that is just a listing of the GPO not Local machine policy of what is set for the PC in question.
     
  8. Couriant

    Couriant Trusted Advisor

    Joined:
    Mar 26, 2002
    Messages:
    32,486
    First Name:
    James
    You are correct, I was thinking of the GPO and not Local Security. My teacher said probably the only other way is by a script. (again!) :D

    I think that the Log On To is the better option. Some of the users can't have everything you know ;) :D
     
  9. StumpedTechy

    StumpedTechy Thread Starter

    Joined:
    Jul 7, 2004
    Messages:
    7,234
    LOL thats many users to have to lock down though. This way would be a change to only 24 PC's effectively stopping the exact thing we want... I just can't find the solution. You know anything about making Policy templates? maybe I can export something then make it import on login?
     
  10. Couriant

    Couriant Trusted Advisor

    Joined:
    Mar 26, 2002
    Messages:
    32,486
    First Name:
    James
    There is a Security Templates snap in. I was able to right click on the location and it says new template. But the only thing is that how are you going to get it to activate without RM or getting to the machine.
     
  11. StumpedTechy

    StumpedTechy Thread Starter

    Joined:
    Jul 7, 2004
    Messages:
    7,234
    This isn't looking promising -

    "Unfortunately, local Group Policy by definition is local to each Windows 2000 computer and as such there is no Microsoft central configuration tool to help you define a standard LGPO you want to deploy onto each machine.You can’t, as you might think, simply copy a configured computer’s GPO folder onto another computer. However, you can export and import the security policy within the local GPO together with additional security settings such as registry settings, service configurations, and ACLs.This is done using Microsoft’s Security Configuration and Analysis, which is covered next."

    I have been d0ing some looking around ans local GPO manipulation seems a bit complex and conveluted without being straightforward -http://www.microsoft.com/technet/security/prodtech/windowsxp/secwinxp/xpsgch05.mspx

    I am gonna have to go over this with a fine tooth comb but it sure doesn't seem easy.
     
  12. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/485154

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice