Link to home
Start Free TrialLog in
Avatar of dissolved
dissolved

asked on

Limiting login to specific computer (domain)

We run a Windows 2000 DC here (active directory).  As you know, you can go anywhere and log into anyone's computer as long as you have a domain account. I need a way to prevent this from happening on my boss's PC. I want him to be the only one who can log into HIS pc

Is this something that is feasible? If so, does it  have to be defined at the domain level?
Thanks
Avatar of Pete Long
Pete Long
Flag of United Kingdom of Great Britain and Northern Ireland image

yes

start >run  >gpedit.msc

locate the "log on Locally" right and remove everyone exept domain administrators and your bosses user account
ASKER CERTIFIED SOLUTION
Avatar of Pete Long
Pete Long
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of dissolved
dissolved

ASKER

Ok, so it is local policy I will be doing then?
Ok, just did it. Added her and myself to have local log in rights.

However, it would not let me click "APPLY" unless I added  "ADMINISTRATORS" to the logon local.  Is there anyway to have just her and I? Why must I include administrators? Any work around

Thanks Pete!
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
mike is correct the administrators group is the local admin group on that PC anyway, as long as there is no one in that group (exept administrator of course you will be fine)
If I add my domain account (which is a domain admin) and my boss's domain account , wouldnt that let me log in anyway?
also, if there is a domain GPO that is created later down the road, it will take precedence over this local configuration I just did right?
THanks guys
>>If I add my domain account (which is a domain admin) and my boss's domain account , wouldnt that let me log in anyway?

yes

>>also, if there is a domain GPO that is created later down the road, it will take precedence over this local configuration I just did right?

YES! if this is going to be a problem create an OU put this PC in it and create a GPO just for that OU
thanks guys
ThanQ