dissolved
asked on
Limiting login to specific computer (domain)
We run a Windows 2000 DC here (active directory). As you know, you can go anywhere and log into anyone's computer as long as you have a domain account. I need a way to prevent this from happening on my boss's PC. I want him to be the only one who can log into HIS pc
Is this something that is feasible? If so, does it have to be defined at the domain level?
Thanks
Is this something that is feasible? If so, does it have to be defined at the domain level?
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ok, so it is local policy I will be doing then?
ASKER
Ok, just did it. Added her and myself to have local log in rights.
However, it would not let me click "APPLY" unless I added "ADMINISTRATORS" to the logon local. Is there anyway to have just her and I? Why must I include administrators? Any work around
Thanks Pete!
However, it would not let me click "APPLY" unless I added "ADMINISTRATORS" to the logon local. Is there anyway to have just her and I? Why must I include administrators? Any work around
Thanks Pete!
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
mike is correct the administrators group is the local admin group on that PC anyway, as long as there is no one in that group (exept administrator of course you will be fine)
ASKER
If I add my domain account (which is a domain admin) and my boss's domain account , wouldnt that let me log in anyway?
ASKER
also, if there is a domain GPO that is created later down the road, it will take precedence over this local configuration I just did right?
THanks guys
THanks guys
>>If I add my domain account (which is a domain admin) and my boss's domain account , wouldnt that let me log in anyway?
yes
>>also, if there is a domain GPO that is created later down the road, it will take precedence over this local configuration I just did right?
YES! if this is going to be a problem create an OU put this PC in it and create a GPO just for that OU
yes
>>also, if there is a domain GPO that is created later down the road, it will take precedence over this local configuration I just did right?
YES! if this is going to be a problem create an OU put this PC in it and create a GPO just for that OU
ASKER
thanks guys
ThanQ
start >run >gpedit.msc
locate the "log on Locally" right and remove everyone exept domain administrators and your bosses user account