I'm not sure I'm in the right spot, but I'll ask my question anyway. In Windows server 2003 in active directory is there a way to prevent specific users from logging on a a specific computer (not the server, but a computer that is part of the network)? I've found the option that will allow users to "log on to the following computers" but that isn't what I need because I have to add the computers individually and this isn't practical when there are 50+ computers that they can log on to and only a couple of computers that they can't log on to. I need something like "allow users to log on to all the computers on the network except these ones". Where can I find that option or do something like that? Please note that I'm quite new to working with servers. Thanks for any advice.

You could look at applying a Group Policy (or local policy) to the computers that specificies certain "Deny..." settings to users or groups. The settings are in Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Local Rights Assignment. Deny log on locally Deny log on through Terminal Services Deny access to this computer from the network Tony

Hello,This is Exchange Server forum, for the current issue, I suggest you write a post on our Windows Server forum:http://social.technet.microsoft.com/Forums/en-US/winservergen/threadsThanks,Elvis