Limit Uesr to One Machine

[AcornD]

Is there a way that you can limit one machine on the domain to be accessable to only one person while all the others in the domain are accessable to everyone including the above person.

i.e Network technicians machine cannot be logged onto by anyone else in school but him but he can logon to every other machine in school

 

[1101001100110101]

You should be able to just edit the users and groups on the local machine so that none of the domain users or domain groups are in any of the built in groups on the local pc. Then just add the tech account to the local admin group and you should be set. As long as there is no local account the users may know to access the computer.

 

[wolluf]

Think you'll need to set a local group policy on the machine to deny logon access to all domain groups - and another one to allow access to just the technician's domain user (I'm not sure if this will work as technician is member of at least one domain group. Alternatively, set up new domain group which includes everyone except the technician, and deny access to that). Presumably the technician can look after local user access (ie, he'll control any passwords). You may also need to set local group policy to deny the same group access over the network (if you think someone is likely to try to access the machine that way, and you don't want them to).