# how to add domain users to local security policy?



## videogamer87x (Apr 9, 2010)

ok here is what i'm trying to do. i am setting up a small network for a class project, 1 windows 2003 server, and 2 windows xp professional workstations. one of the workstations is to have only 2 of 19 users be able to login to it. I created 2 groups one with the 2 users and the other with the other 17. i gave the group with 17 users deny rights to the workstation that is to only have 2 users able to login. well that didn't work, i am still able to login as any user.

then when i go to the local security policy on the workstation and try to add the 17 user group to the "deny access to this computer from network" policy, the option to add any domain users or groups is missing. the "from this location:" is faded out to were i cant click on it and when i click the "locations..." button it will only allow me to add local users and groups the domain is not listed there.

please help


----------



## ThePrutser (Oct 13, 2007)

I assume you tried to use gpedit.msc to change the policy. Did you start this console with an administrative account? Futhermore you need to use the "Deny logon locally" and add the specific group there.

"deny access to this computer from network" means that the computer may not be accessed from another machine (server or workstation) by that group.


----------

