DDP vs GPO

Techshan 221 Reputation points
2022-06-21T22:00:10.757+00:00

Hello,

We need to restrict a certain security group accessing a particular Windows server either through network, local logon, terminal services.

We created a GPO and assigned that security group and applied to that particular server, when we ran RSOP from the server , it is found that the security group is denied access as expected for deny logon through network, remote desktop services, logon as a service but deny logon locally is not updated with the security group which has to be present in that setting but it has another one security group.

When we investigated, this deny logon locally is pushed to the server from default domain policy which has that group only , not the security group what we are trying to restrict access to this server.

How to achieve this ?

Windows
Windows
A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
5,793 questions
0 comments No comments
{count} votes

Accepted answer
  1. Limitless Technology 39,801 Reputation points
    2022-06-23T07:51:45.753+00:00

    Hi there,

    Have you tried Delegate Permissions for Group Policy?
    How to delegate permissions for a group or user on a Group Policy Object https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn789195(v=ws.11)

    Here is a link for a detailed description of the process that you must follow.

    Using Group Policy to Restrict Access for a New Security Group to only have access to specified Servers https://learn.microsoft.com/en-us/answers/questions/437455/using-group-policy-to-restrict-access-for-a-new-se.html

    Restrict Access to Only Specified Users or Computers https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices

    Restrict Server Access to Members of a Group Only https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only

    Hope this resolves your Query !!

    ------------------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept it as an answer–

    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Techshan 221 Reputation points
    2022-06-22T14:57:11.82+00:00

    We tested that the security group is not able to access the particular server in any logon types except local logon

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.