K. Brian Kelley (4/30/2013)
If they're in a Windows security group, you can add the group as a login and deny permission to connect to the SQL Server.
However, this is usually seen as a method of last resort. Someone could always be added to the group that you didn't intend to block.
This is the way I would do it.
Alternatively, and to prevent the chance that you block anyone inavertently from accessnig the server, you could create a new AD Security Group and place the members you explicitly don't want on the server in that group. All you need to do then is distribute the group to the required servers and deny connect to that group.