only allow certain user to log into a computer
  • only allow certain user to log into a computer

    Greetings,
    I have an Active Directory. I want to limit logins on certain machines in the domain to only certain users.

    i.e., machine1 can only be logged into by user domain\joe; no other domain users can log into the machine.

    Is there an easy way to set this up?

    thanks,

  • #2
    Re: only allow certain user to log into a computer

    Move the machines to their own OU (if you like, within the OU where all the other computers are)

    Create a GPO and link it to the new OU.

    In the GPO, under Computer...User Rights Assignment, set the "Log On Locally" policy and add only the users who you want logging in. Ensure you do the same for the "Log on via terminal services" policy.

    When the computers pick up policy, only the listed users will be able to interactively log on to the machines.

    If you want to prevent mapping network drives, NETBIOS access etc, also set the "Access this computer from the network" policy.

    MAKE SURE that you add "Administrators" to the "Log on Locally" and "Log on via Terminal Services" rights, and to the "Access this computer from the network" policy. Otherwise you will be locked out of the PCs and at the mercy of the users!! (Unless you move it to a different OU of course).


    Tom
    For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

    Anything you say will be misquoted and used against you
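
Added example, not part of the original posts: a PowerShell check for the lock-out risk described in post #2. It parses a `secedit` user-rights export and reports whether BUILTIN\Administrators (well-known SID S-1-5-32-544) still holds each of the three rights named there. The function name `Get-LogonRightAssignment` and the sample export, including its domain SID, are constructed for illustration.

```powershell
# Added example; sample data is constructed. Rights from post #2 by export name.
$RightsToCheck = [ordered]@{
    SeInteractiveLogonRight       = 'Log on locally'
    SeRemoteInteractiveLogonRight = 'Log on via Terminal Services'
    SeNetworkLogonRight           = 'Access this computer from the network'
}
# BUILTIN\Administrators as it can appear in an export: well-known SID or name.
$AdminIds = 'S-1-5-32-544', 'Administrators', 'BUILTIN\Administrators'

function Get-LogonRightAssignment {
    param([string[]]$InfLines)
    $inSection = $false
    $found = @{}
    foreach ($raw in $InfLines) {
        $line = "$raw".Trim()
        if ($line -match '^\[(.+)\]$') {
            $inSection = ($Matches[1] -eq 'Privilege Rights')
        } elseif ($inSection -and $line -match '^(\w+)\s*=\s*(.*)$') {
            # Entries are comma-separated; SIDs carry a leading '*'.
            $found[$Matches[1]] = @($Matches[2] -split ',' |
                ForEach-Object { $_.Trim().TrimStart('*') } | Where-Object { $_ })
        }
    }
    foreach ($right in $RightsToCheck.Keys) {
        # A right missing from the export is held by nobody.
        $members = @()
        if ($found.ContainsKey($right)) { $members = $found[$right] }
        [pscustomobject]@{
            Right      = $right
            Policy     = $RightsToCheck[$right]
            AdminsKept = [bool]($members | Where-Object { $_ -in $AdminIds })
            Members    = $members -join ', '
        }
    }
}

# Constructed export: Administrators was left off the Remote Desktop right.
$sample = @'
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-21-1111111111-2222222222-3333333333-1104
SeRemoteInteractiveLogonRight = *S-1-5-21-1111111111-2222222222-3333333333-1104
SeNetworkLogonRight = *S-1-5-32-544,*S-1-5-21-1111111111-2222222222-3333333333-1104
'@ -split "`r?`n"

Get-LogonRightAssignment -InfLines $sample | Format-Table -AutoSize

# On a real machine, from an elevated prompt:
#   secedit /export /cfg "$env:TEMP\rights.inf" /areas USER_RIGHTS
#   Get-LogonRightAssignment -InfLines (Get-Content "$env:TEMP\rights.inf")
```

Any row with `AdminsKept` set to False is a right the GPO would take away from local administrators on that machine.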



    • #3
      Re: only allow certain user to log into a computer

      Another way is to go to Active Directory Users and Computers, go to the properties for the user, then the 'Account' tab, click on 'Log on to' and add the machines that you like there.
      Please remember to award reputation points if you have received good advice.
      I do tend to think 'outside the box' so others may not always share the same views.

      MCITP -W7,
      MCSA+Messaging, CCENT, ICND2 slowly getting around to.



      • #4
        Re: only allow certain user to log into a computer

        Originally posted by uk_network:
        Another way is to go to Active Directory Users and Computers, go to the properties for the user, then the 'Account' tab, click on 'Log on to' and add the machines that you like there.
        No... that's all backwards. That allows the user to log on ONLY to THESE workstations, but does not prevent anyone else logging on to THAT workstation. My method allows only the listed users to log on to a given workstation - which I believe is what the OP asked for.


        Tom


        • #5
          Re: only allow certain user to log into a computer

          Originally posted by Stonelaughter:
          Move the machines to their own OU (if you like, within the OU where all the other computers are)

          Create a GPO and link it to the new OU.

          In the GPO, under Computer...User Rights Assignment, set the "Log On Locally" policy and add only the users who you want logging in. Ensure you do the same for the "Log on via terminal services" policy.

          When the computers pick up policy, only the listed users will be able to interactively log on to the machines.

          If you want to prevent mapping network drives, NETBIOS access etc, also set the "Access this computer from the network" policy.

          MAKE SURE that you add "Administrators" to the "Log on Locally" and "Log on via Terminal Services" rights, and to the "Access this computer from the network" policy. Otherwise you will be locked out of the PCs and at the mercy of the users!! (Unless you move it to a different OU of course).
          There is a problem with this method: what if he has, let's say, 30 machines, each with one user allowed to log on to it? Would he create 30 OUs and 30 GPOs?



          • #6
            Re: only allow certain user to log into a computer

            Hi,

            You can try this method also.

            Go to the machines where you want to restrict the users.

            Open Local Users & Groups

            Go to "Users" group

            Remove the "Domain Users" from the "Users Group"

            Add the list of users you need to allow; also add "Domain Admins" to the "Users" group.

            Now only the allowed users & the domain admins can log in to the machine.
            Regards,
            Venkatesan S
