Announcement

Collapse
No announcement yet.

Limit logon to a domain machine to only one specific domain user.

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Limit logon to a domain machine to only one specific domain user.

    I need to restrict logon to one domain machine to only the administrator and another one domain user account..

    Please guide me on how to do this?

    I have windows 7 and windows server 2003

  • #2
    Re: Limit logon to a domain machine to only one specific domain user.

    is very helpful - first hit leads to
    http://support.microsoft.com/kb/555317
    which seems to answer your requirements
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: Limit logon to a domain machine to only one specific domain user.

      Thanks

      I have a problem now from that - i went to gpedit.msc and under the section deny logon locally - i added domain users to that section and i am unable to logon on to the machine

      i have tried as admin both domain and local but havent..its givin an error that "couldnt allow to logon you on interactively..

      pls assist.

      Comment


      • #4
        Re: Limit logon to a domain machine to only one specific domain user.

        Undo what you did and use option B instead of option C from the KB article.

        All AD users are members of the Domain Users group so you denied everyone the right to logon.
        Regards,
        Jeremy

        Network Consultant/Engineer
        Baltimore - Washington area and beyond
        www.gma-cpa.com

        Comment


        • #5
          Re: Limit logon to a domain machine to only one specific domain user.

          i tried option B i.e (Remove "NT AUTHORITY\Authenticated Users" uses from the list of users group)

          and add the specific domain user that i wanted to login to that list..

          However, this doesn't restrict other domain users from login in to the machine..

          is there something am doing wrong?

          Comment


          • #6
            Re: Limit logon to a domain machine to only one specific domain user.

            Another way to do it would be to Create a security group and add the user accounts to it.

            create a GPO > edit > Computer Settings>Windows Settings>Security Settings>Local
            Policies>User Rights Assignment> Deny log on locally
            add the security group you created earlier.
            Then add the computer accounts to the gpo.
            Do gpupdate/force and maybe restart the test client.

            Test first and good luck!
            Last edited by uk_network; 29th October 2013, 08:33.
            Please remember to award reputation points if you have received good advice.
            I do tend to think 'outside the box' so others may not always share the same views.

            MCITP -W7,
            MCSA+Messaging, CCENT, ICND2 slowly getting around to.

            Comment

            Working...
            X