Prohibit users from logging on locally on the PC

For Windows PCs that are in a network domain , you can log in ” locally ” or to the domain . As a rule, the user logs on to the domain with his user name and password and then the assigned network resources are available to him.

In certain circumstances, however, it can also make sense for the user to log on locally to their PC . In this case, of course, no network resources are available to him.

However , if the IT department would like to prevent this local registration on the PC , the following group guidelines can be set.

To do this, go to the Group Policy Editor and go to the following path.

There is then the following group policy.

We have shown this to you below.

In this GPO you can now include all users or group objects that are no longer allowed to log on locally to the Windows PC.

Microsoft has released the following information about this GPO.

After a restart, the GPO then becomes active. If a user now logs on locally, the following message appears.

The exact message is:

You have successfully prevented a user from logging on locally.

You can find more articles on the topic of “ Windows registration ” here:

– RDP message – A user account restriction prevents you from logging in …
– Show the user before logging on to Windows (Sign In Message)
–
Can not log in to the account – Activate secure logon with ALT + CTRL + DELETE for Windows
– Start desktop applications after Speed ​​up Windows logon
– Always wait for the network when restarting the computer and logging in
– Switch off the greeting animation for Windows 10 logon by changing the registry
– Deactivate animation for the first Windows 10 logon
– Automatic user logon after booting up Windows
Server Manager do not start automatically after Windows login