Deny Domain Local Group

Deny Domain Local Group is an exam objective that relates to some Group Policy settings that allow the administrator to quickly deny local rights on a computer for users and groups. This video looks at how to configure these Group Policy settings.

Show lesson content
Deny Domain Local Group
Rights on a computer allow the user to perform an action. Typical rights include logon locally and access the computer from remote. Deny domain Local group is simple group policy settings that allows the administrator to easily deny a user from certain rights on the computer. The settings are found under the following location.

Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment

There are five settings that can be configured

Deny access to this computer from the network

Deny log on as a batch job

Deny log on as a service

Deny log on locally

Deny log on through Remote Desktop Services

The advantage of using deny domain local group is that it does not require knowledge of what settings have already been configured. The advantage is the administrator can deny a particular right without effecting any other settings on the computer or knowing which setting has already been configured.



Lesson tags: 70-640-active-directory
Back to: 70-640 Introduction to Active Directory > Group Policy

Active Directory is a system which offers centralized control of your computers.


Active Directory Infrastructure


Group Policy