Restricting a domain computer to 1 domain user

[astaylor]

I would like to restrict 1 computer on my domain to just 1 domain user plus admins without affecting all other computers on the domain. Can someone please help me here?

-drew

 

[nedrudrelyt]

Here are few ideas for you:
- Try going Local Users and Computers and removing the users that you don't want to log onto the computer?
- You could also write a script to check to see which user was logged on. If it wasn't a user you wanted the script could log them off right away.

nedrudrelyt = tyler durden

 

[LWComputingMVP]

I think your best option is the first of nedrudrelyt's suggestions. Remove the "Domain Users" group from the local system Users group, and just add the specific user you want to have access. Better still, create a domain group and replace the Domain Users with the domain group - that way you can easily add and remove users to the list of authorized users later on.

 

[astaylor]

tyler, what would the script look like for what you mentioned?

 

[Stevehewitt]

Remove domain users from the 'log on locally' policy for the machine and add the single user to it.




Steve.

"They have the internet on computers now!" - Homer Simpson

 

[astaylor]

worked. thanks alot!

 

[eraH]

Another way, is to open AD Users and Computer.
Open up the persons account, go to the account page and there is a "Logon To" button. You can use this to restrict the user to only certain computers.

 

[LWComputingMVP]

Yes, that's correct hareb - if you want to restrict the USER to one computer. But if you want to restrict the COMPUTER to one user, then you have to use the methods we describe above.

 

[eraH]

Doh, shouldn't have read that better.