Using NTRights, you can create a batch file that contains the following
commands for each workstation you wish to restrict:
ntrights -r SeInteractiveLogonRight -u "Backup Operators" - m \\<ComputerName> ntrights -r SeInteractiveLogonRight -u Everyone - m \\<ComputerName> ntrights -r SeInteractiveLogonRight -u Guests - m \\<ComputerName> ntrights -r SeInteractiveLogonRight -u "Power Users" - m \\<ComputerName> ntrights -r SeInteractiveLogonRight -u Users - m \\<ComputerName>where <ComputerName> is the name of the workstation you want to restrict.
For the <ComputerName> you are working on, you don't need the -m \\<ComputerName> as the changes are made locally by default.
The above changes remove the right to logon locally from the listed local groups. If you have ordinary users in other local groups, add these local groups to the list. You can view the list of local groups by typing NET LOCALGROUP at a CMD prompt.
NOTE: You must be a member of the local Administrators group to run NTRights.
NOTE: NTRights is also availble in
Supplement 4 of the Windows NT 4.0 Resource Kit.
0 comments
Hide comments