As part of our GDPR implementation we have decided to deny staff from logging onto student clients, and vice versa.
The required policies can be found in – Computer Configuration > Policies > Security Settings > Local Policies > User Rights Assignment.
The “Deny log on locally” specifies the users or groups that are not allowed to log into the local computer.
The Group Policy has been tested on Windows 7 and Windows 10 clients successfully.