msForum

This is a local logon concern - machine specific. In regards to your solution, that would be great if there was an implicit "Deny Anyone not in these groups", but there isn't to my knowledge - there is also no way of adding the "Everyone Group" to the Deny Logon locally setting. I suppose I could create a security group and add the Everyone Group to that, then deny to that group, but I'm not sure if that would then take precedence in regards to the people that are in the allowed group - given of course that Everyone is in the Everyone group

I understand that you can assign groups the 'allow logon locally' attribute; however, in regards to doing this with the least amount of admin effort - is there a way to say "Allow these two groups, and deny everyone else?"

Hello all, In regards to Local Security Policy, I want to only allow members of a domain local group the right to logon locally. In the Local Security Policy, there is a place where you can deny logon rights, but in a large environment this can take some time. Is there a way to limit successful access to certain groups, while also denying everyone else? BTW, I’m not allowed another OU, so I have to do this through LSP. Thanks for your time.