In my AD, there is one domain join computer (workstation). According to our policy, we want to restrict login onto this computer for all domain user account except 2 accounts ( one for this computer owner & one for administrator). So how can I configure for this??
You could do that by changing the User-Workstations attribute either by scripting it with Dsmod or via ADUC. Mult-select all the users – Right-click – Properties – Click the account tab – Select the Computer restrictions option – then add the Netbios or Dns name of the workstation in the Logon to page.
Or you can do it individually for each user account following pretty much the above steps.