?
Solved

Limiting login to specific computer (domain)

Posted on 2004-10-12
11
Medium Priority
?
189 Views
Last Modified: 2010-04-14
We run a Windows 2000 DC here (active directory).  As you know, you can go anywhere and log into anyone's computer as long as you have a domain account. I need a way to prevent this from happening on my boss's PC. I want him to be the only one who can log into HIS pc

Is this something that is feasible? If so, does it  have to be defined at the domain level?
Thanks
0
Comment
Question by:dissolved
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
11 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 12287505
yes

start >run  >gpedit.msc

locate the "log on Locally" right and remove everyone exept domain administrators and your bosses user account
0
 
LVL 57

Accepted Solution

by:
Pete Long earned 1600 total points
ID: 12287534
look in computer configuration > windows settings > security settings > local policies > user rights assignment > log on locally

double click it and add in your bosses user aboject then remove everyone else (though Id add domain admins to be on the safe side)
0
 

Author Comment

by:dissolved
ID: 12287625
Ok, so it is local policy I will be doing then?
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 

Author Comment

by:dissolved
ID: 12287686
Ok, just did it. Added her and myself to have local log in rights.

However, it would not let me click "APPLY" unless I added  "ADMINISTRATORS" to the logon local.  Is there anyway to have just her and I? Why must I include administrators? Any work around

Thanks Pete!
0
 
LVL 25

Assisted Solution

by:mikeleebrla
mikeleebrla earned 400 total points
ID: 12288396
administrators must be there, otherwize no administrator could log into the computer,,, and thats what administrators do.  Aren't you an admin?  So by adding the administrators you are already adding yourself.
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 12289083
mike is correct the administrators group is the local admin group on that PC anyway, as long as there is no one in that group (exept administrator of course you will be fine)
0
 

Author Comment

by:dissolved
ID: 12289163
If I add my domain account (which is a domain admin) and my boss's domain account , wouldnt that let me log in anyway?
0
 

Author Comment

by:dissolved
ID: 12289184
also, if there is a domain GPO that is created later down the road, it will take precedence over this local configuration I just did right?
THanks guys
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 12289220
>>If I add my domain account (which is a domain admin) and my boss's domain account , wouldnt that let me log in anyway?

yes

>>also, if there is a domain GPO that is created later down the road, it will take precedence over this local configuration I just did right?

YES! if this is going to be a problem create an OU put this PC in it and create a GPO just for that OU
0
 

Author Comment

by:dissolved
ID: 12290449
thanks guys
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 12295314
ThanQ
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Hey fellow admins! This time, I have a little fairy tale for you. As many tales do, it starts boring and then gets pretty gory. I hope you like it. TL;DR: It is about an important security matter, you should read it if you run or administer Windows …
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question