If you want to Restrict machine Logon & Network Access to a members of an Active Directory Group you can do so using the following procedure:
- Create a group which contains the ids for the users who will be allowed access to the PCs in question
- If nessecary, create an organisational unit which contains the PCs that are to be restricted.
- Create a new group policy on the OU
- Expand Computer configuration…Windows Settings…Security Settings…Local Policies…User Rights Assignment
- Double click Access This Computer From the Network and click on Add – add the newly created user group
- Double click Logon Locally and click on Add – add the user group created at Step 1. Make sure you include the builtin Administrators group with this setting or you could lock yourself out of the machine!