Solved

Limiting login to specific computer (domain)

Posted on 2004-10-12
11
187 Views
Last Modified: 2010-04-14
We run a Windows 2000 DC here (active directory).  As you know, you can go anywhere and log into anyone's computer as long as you have a domain account. I need a way to prevent this from happening on my boss's PC. I want him to be the only one who can log into HIS pc

Is this something that is feasible? If so, does it  have to be defined at the domain level?
Thanks
0
Comment
Question by:dissolved
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
11 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 12287505
yes

start >run  >gpedit.msc

locate the "log on Locally" right and remove everyone exept domain administrators and your bosses user account
0
 
LVL 57

Accepted Solution

by:
Pete Long earned 400 total points
ID: 12287534
look in computer configuration > windows settings > security settings > local policies > user rights assignment > log on locally

double click it and add in your bosses user aboject then remove everyone else (though Id add domain admins to be on the safe side)
0
 

Author Comment

by:dissolved
ID: 12287625
Ok, so it is local policy I will be doing then?
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 

Author Comment

by:dissolved
ID: 12287686
Ok, just did it. Added her and myself to have local log in rights.

However, it would not let me click "APPLY" unless I added  "ADMINISTRATORS" to the logon local.  Is there anyway to have just her and I? Why must I include administrators? Any work around

Thanks Pete!
0
 
LVL 25

Assisted Solution

by:mikeleebrla
mikeleebrla earned 100 total points
ID: 12288396
administrators must be there, otherwize no administrator could log into the computer,,, and thats what administrators do.  Aren't you an admin?  So by adding the administrators you are already adding yourself.
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 12289083
mike is correct the administrators group is the local admin group on that PC anyway, as long as there is no one in that group (exept administrator of course you will be fine)
0
 

Author Comment

by:dissolved
ID: 12289163
If I add my domain account (which is a domain admin) and my boss's domain account , wouldnt that let me log in anyway?
0
 

Author Comment

by:dissolved
ID: 12289184
also, if there is a domain GPO that is created later down the road, it will take precedence over this local configuration I just did right?
THanks guys
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 12289220
>>If I add my domain account (which is a domain admin) and my boss's domain account , wouldnt that let me log in anyway?

yes

>>also, if there is a domain GPO that is created later down the road, it will take precedence over this local configuration I just did right?

YES! if this is going to be a problem create an OU put this PC in it and create a GPO just for that OU
0
 

Author Comment

by:dissolved
ID: 12290449
thanks guys
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 12295314
ThanQ
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
demote crashed domain controller (server 2000) 3 1,021
Windows WEb Server sp2 13 524
P2V conversion for Windows NT 4.0 Server 2 2,325
Windows 2000 48-bit LBA 13 54
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Today it’s fairly well known that high-performing websites and applications bring in more visitors, higher SEO, and ultimately more sales. By the same token, downtime is disastrous for companies and can lead to major hits on a brand, reputation, an…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question