Hello,
We need to restrict a certain security group accessing a particular
Windows server either through network, local logon, terminal services.
We created a GPO and assigned that security group and applied to that
particular server, when we ran RSOP from the server , it is found that
the security group is denied access as expected for deny logon through
network, remote desktop services, logon as a service but deny logon
locally is not updated with the security group which has to be present
in that setting but it has another one security group.
When we investigated, this deny logon locally is pushed to the server
from default domain policy which has that group only , not the security
group what we are trying to restrict access to this server.
How to achieve this ?
