Shivtek
asked on
Only allow one user on a Domain Computer
Hey Guys,
We have a Domain controller running the active directory....I want to allow a specific user to be able to log onto a computer....so only that user can logon to that computer no other user.
Please help.
Thanks
We have a Domain controller running the active directory....I want to allow a specific user to be able to log onto a computer....so only that user can logon to that computer no other user.
Please help.
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
go to domain controllers. add the user account and remove rest of the users.
to be more clear.
go to ADUC select ur computer add the user in the mermber of tab. remove the rest of the users
go to ADUC select ur computer add the user in the mermber of tab. remove the rest of the users
ASKER
MagicFarmer the two scenarios you mentioned were pretty detailed....Scenario 1 is what I am looking for.... once again was very impressed with the wording!...
ASKER
Please guide for Scenario2 for future reference as well..
Shivtek -- for Scenario 1, we will want to follow some of the points uday brought up --
IN AD Users/Computers, locate the domain workstation you want user X to access, and remove the "users" group completely. You will be left with Admin and System, possibly some other power users depending on your AV and other software considerations. Add user X to the workstation and give him full permissions. Since X is already a member of "Users" (at least) then he will be able to access other workstations in your domain as well.
If you want X restricted to one single workstation, then add him to ADUC on the workstation, but leave them out of the other groups. In this scenario make sure your local workstation settings are set so user X can still utilize server-based apps, like Office or your AV.
I am a little punchy, so I apologize if I am talking a bit in circles. Let us know if this works for you.
IN AD Users/Computers, locate the domain workstation you want user X to access, and remove the "users" group completely. You will be left with Admin and System, possibly some other power users depending on your AV and other software considerations. Add user X to the workstation and give him full permissions. Since X is already a member of "Users" (at least) then he will be able to access other workstations in your domain as well.
If you want X restricted to one single workstation, then add him to ADUC on the workstation, but leave them out of the other groups. In this scenario make sure your local workstation settings are set so user X can still utilize server-based apps, like Office or your AV.
I am a little punchy, so I apologize if I am talking a bit in circles. Let us know if this works for you.
ASKER
When I go to the Workstation in the AD, it doesn't have a option/tab where I could specify which users can access this machine....
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
wondering if the Limitlogin utility would be helpful. everyone cann access all the computers but are limited to login only once from the workstations.