Only accept user1 and administrator 3

[tekquest]

all,

can I configure my windows 2000 pro computer to only accept the administrator and user1? if someone else was to come along and type in user2 and their password, I want it to bar them.. is this achieved via profiles?

thanks for your time,


luke

 

[Ntr0P]

If you are talking about local users on only 1 PC, the easiest way is to alter who can "Log on Locally". This is done in Local Security Settings in Local Policies\User Rights Assignment.

 

[tekquest]

Can I do this via c:\winnt\system32\gpedit.msc?

I am connected to a domain, any ideas on doing it this way?

Thanks,

Luke

 

[Ntr0P]

Actually secpol.msc. Are you trying to prevent domain users or local users (those accounts actually created on your machine)?

 

[QldSugardaddy]

to only allow user1 and administrator for local logins, right click on my computer on the desktop and go to manage, choose local users and groups/users
in the right hand window, highglight the users you want to get rid of and right click/delete.
alternatively, right click and change password, or right click and go to properties and then tick disabled. all this will stop access When in doubt, kick 'er in the guts

 

[tekquest]

I am trying to prevent domain users (the accounts are kept on an NT4.0 server)

Thanks for the reply,


Luke

 

[Ntr0P]

Go to Computer Manager on your machine and remove any domain accounts from the Groups defined there. Make sure only the domain account Administrator and User1 are members of any of the local groups.

 

[tekquest]

There is only my user, and the administrator,

could this be configured somewhere else?

Thanks,

Luke

 

[Ntr0P]

By somewhere else, if you mean remotely, the answer is yes. Same method mentioned above, just connect to the remote machine instead of the local machine.

 

[tekquest]

Basically, since its a domain logon, there are no more than user1 and administrator in the Computer manager, but any other user can still login, because it is on the domain.

Can I restrict it to be only user1 and administrator for the domain? I know I can restrict this on the local pc, and not connect it to the domain, but this will cause some other problems with security programs etc.

Thanks,

Luke

 

[Ntr0P]

Perhaps I am dense (a DISTINCT possibility), but let's review here so I am completely straight:

User1 and administrator are local accounts on the pc in question.

The pc in question is a member of a domain.

No domain users should be able to log on to the pc in question.

If the above three statements are correct, make sure you remove any domain group/user accounts from the local group accounts on the pc in question. Problem solved.

 

[tekquest]

ok, I will re-explain, I can sometimes not explain things clearly!!

I have a local administrator account, I have a domain administrator account and a DOMAIN user1 account, I would like to block any other DOMAIN accounts from logging onto the pc in question, except for the Local & domain administrator and the DOMAIN user1 account.

Thanks,

Luke

 

[Ntr0P]

Crystal clear now. Still basically the same thing though.

Make sure no domain accounts are configured in the local groups on the pc.

Add the Domain Administrator account to the local administrator group of the pc.

Add teh Domain user1 account the local group of your choosing to on the pc.

 

[wolluf]

Tekquest,

I think NtrOP answered your question with this post from earlier in the thread:-

If you are talking about local users on only 1 PC, the easiest way is to alter who can "Log on Locally". This is done in Local Security Settings in Local Policies\User Rights Assignment.

(which is run secpol.msc as he also mentioned). If you untick all the boxes for users/groups you don't want logging in and then just add the three users you do want logging in, that should do it.

 

[tekquest]

Guys,

Thanks very much, I see that I can modify who can logon also by selecting the drop down box (which will show the domain, I can then add and stop all users but the ones I want from connecting!)

THANKS VERY MUCH!!