Solved

Limiting login to specific computer (domain)

Posted on 2004-10-12
11
184 Views
Last Modified: 2010-04-14
We run a Windows 2000 DC here (active directory).  As you know, you can go anywhere and log into anyone's computer as long as you have a domain account. I need a way to prevent this from happening on my boss's PC. I want him to be the only one who can log into HIS pc

Is this something that is feasible? If so, does it  have to be defined at the domain level?
Thanks
0
Comment
Question by:dissolved
  • 5
  • 5
11 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 12287505
yes

start >run  >gpedit.msc

locate the "log on Locally" right and remove everyone exept domain administrators and your bosses user account
0
 
LVL 57

Accepted Solution

by:
Pete Long earned 400 total points
ID: 12287534
look in computer configuration > windows settings > security settings > local policies > user rights assignment > log on locally

double click it and add in your bosses user aboject then remove everyone else (though Id add domain admins to be on the safe side)
0
 

Author Comment

by:dissolved
ID: 12287625
Ok, so it is local policy I will be doing then?
0
 

Author Comment

by:dissolved
ID: 12287686
Ok, just did it. Added her and myself to have local log in rights.

However, it would not let me click "APPLY" unless I added  "ADMINISTRATORS" to the logon local.  Is there anyway to have just her and I? Why must I include administrators? Any work around

Thanks Pete!
0
 
LVL 25

Assisted Solution

by:mikeleebrla
mikeleebrla earned 100 total points
ID: 12288396
administrators must be there, otherwize no administrator could log into the computer,,, and thats what administrators do.  Aren't you an admin?  So by adding the administrators you are already adding yourself.
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 57

Expert Comment

by:Pete Long
ID: 12289083
mike is correct the administrators group is the local admin group on that PC anyway, as long as there is no one in that group (exept administrator of course you will be fine)
0
 

Author Comment

by:dissolved
ID: 12289163
If I add my domain account (which is a domain admin) and my boss's domain account , wouldnt that let me log in anyway?
0
 

Author Comment

by:dissolved
ID: 12289184
also, if there is a domain GPO that is created later down the road, it will take precedence over this local configuration I just did right?
THanks guys
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 12289220
>>If I add my domain account (which is a domain admin) and my boss's domain account , wouldnt that let me log in anyway?

yes

>>also, if there is a domain GPO that is created later down the road, it will take precedence over this local configuration I just did right?

YES! if this is going to be a problem create an OU put this PC in it and create a GPO just for that OU
0
 

Author Comment

by:dissolved
ID: 12290449
thanks guys
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 12295314
ThanQ
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
A customer recently asked me about anti-malware and the different deployment options available for his business. Daily news about cyberattacks, zero-day vulnerabilities, and companies that suffered a security breach made him wonder if the endpoint a…
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
Many functions in Excel can make decisions. The most simple of these is the IF function: it returns a value depending on whether a condition you describe is true or false. Once you get the hang of using the IF function, you will find it easier to us…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now