Solved

Limiting login to specific computer (domain)

Posted on 2004-10-12
11
182 Views
Last Modified: 2010-04-14
We run a Windows 2000 DC here (active directory).  As you know, you can go anywhere and log into anyone's computer as long as you have a domain account. I need a way to prevent this from happening on my boss's PC. I want him to be the only one who can log into HIS pc

Is this something that is feasible? If so, does it  have to be defined at the domain level?
Thanks
0
Comment
Question by:dissolved
  • 5
  • 5
11 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 12287505
yes

start >run  >gpedit.msc

locate the "log on Locally" right and remove everyone exept domain administrators and your bosses user account
0
 
LVL 57

Accepted Solution

by:
Pete Long earned 400 total points
ID: 12287534
look in computer configuration > windows settings > security settings > local policies > user rights assignment > log on locally

double click it and add in your bosses user aboject then remove everyone else (though Id add domain admins to be on the safe side)
0
 

Author Comment

by:dissolved
ID: 12287625
Ok, so it is local policy I will be doing then?
0
 

Author Comment

by:dissolved
ID: 12287686
Ok, just did it. Added her and myself to have local log in rights.

However, it would not let me click "APPLY" unless I added  "ADMINISTRATORS" to the logon local.  Is there anyway to have just her and I? Why must I include administrators? Any work around

Thanks Pete!
0
 
LVL 25

Assisted Solution

by:mikeleebrla
mikeleebrla earned 100 total points
ID: 12288396
administrators must be there, otherwize no administrator could log into the computer,,, and thats what administrators do.  Aren't you an admin?  So by adding the administrators you are already adding yourself.
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 57

Expert Comment

by:Pete Long
ID: 12289083
mike is correct the administrators group is the local admin group on that PC anyway, as long as there is no one in that group (exept administrator of course you will be fine)
0
 

Author Comment

by:dissolved
ID: 12289163
If I add my domain account (which is a domain admin) and my boss's domain account , wouldnt that let me log in anyway?
0
 

Author Comment

by:dissolved
ID: 12289184
also, if there is a domain GPO that is created later down the road, it will take precedence over this local configuration I just did right?
THanks guys
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 12289220
>>If I add my domain account (which is a domain admin) and my boss's domain account , wouldnt that let me log in anyway?

yes

>>also, if there is a domain GPO that is created later down the road, it will take precedence over this local configuration I just did right?

YES! if this is going to be a problem create an OU put this PC in it and create a GPO just for that OU
0
 

Author Comment

by:dissolved
ID: 12290449
thanks guys
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 12295314
ThanQ
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Suggested Solutions

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
In this article, I will show you HOW TO: Install VMware Tools for Windows on a VMware Windows virtual machine on a VMware vSphere Hypervisor 6.5 (ESXi 6.5) Host Server, using the VMware Host Client. The virtual machine has Windows Server 2016 instal…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now