Ars Technica

restrict access to computer but allow certian users to login

Remove the Domain Users from the local Users group, and add only thier account. This is done locally, not through AD or GPs.
Ars Technica

2K3 AD Restrict Computer Management

Edit: I decided there was too much intro and not enough question to my post. The edited ver. follows, the entire version is after that:<BR><BR>In a W2K3 AD domain, how can I prevent domain users ...