restrict domain user accounts to only allow logon to a specific machine

Posted on 2005-05-10
Last Modified: 2009-12-16

I'm doing some consulting at a company at the moment who asked me a very reasonable question, but I could not give them an answer.

They asked if it was possible to create a policy that will prevent them from logging onto any machine in the domain - i.e., is there any way to associate their user account with a specific machine, and ensure that they can ONLY log onto this machine in the domain, as opposed to any machine of their choice. Obviously, a domain user account can, by default, be used to log onto any domain attached machine. Can you change this?

Windows 2000 SBS
AD Domain Environment
Windows XP SP2 Desktops

Thank you all in advance for your assistance!!!!
Question by: DeanWeinert
    LVL 11

    Expert Comment

    You can configure this policy:
    computer configuration\windows settings\security settings\local policies\User rights assignment
    Look also here:
    Hope it helps, Elbereth
    LVL 10

    Accepted Solution

    Go to the properties of the User Account -> select the Account tab -> select Log On To -> select the 'The following computers' radio button -> enter the host name of the computer that they are allowed to use.
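
The "Log On To" setting in the accepted solution stores a comma-separated host list in the user's userWorkstations attribute, so the same change can be scripted and audited. The PowerShell below is an added example, not part of the original thread; it assumes a domain administrator runs it on a domain-joined machine with PowerShell available, and the account and computer names are constructed placeholders.

```powershell
# Added example (not from the thread). All names below are constructed placeholders.
$SamAccountName = 'jdoe'             # hypothetical user account
$AllowedHosts   = @('DESKTOP-042')   # hypothetical computer name(s)

function Find-Ad {
    param([string]$Filter, [string[]]$Load = @('distinguishedName'))
    $s = New-Object System.DirectoryServices.DirectorySearcher   # binds to the current domain
    $s.Filter   = $Filter
    $s.PageSize = 500
    foreach ($p in $Load) { [void]$s.PropertiesToLoad.Add($p) }
    $s.FindAll()
}

# Reject anything that is not a plain name before it goes into an LDAP filter.
foreach ($n in @($SamAccountName) + $AllowedHosts) {
    if ($n -notmatch '^[A-Za-z0-9._-]+$') { throw "Unexpected characters in '$n'" }
}

# A typo in the host list would leave the user unable to log on anywhere,
# so confirm each computer account exists first.
foreach ($h in $AllowedHosts) {
    if (@(Find-Ad "(&(objectCategory=computer)(name=$h))").Count -eq 0) {
        throw "No computer account named '$h' in this domain"
    }
}

$hit = @(Find-Ad "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$SamAccountName))")
if ($hit.Count -ne 1) { throw "Expected exactly one user '$SamAccountName', found $($hit.Count)" }

# Equivalent of Account tab -> Log On To -> The following computers.
$user = $hit[0].GetDirectoryEntry()
$user.psbase.Properties['userWorkstations'].Value = ($AllowedHosts -join ',')
$user.psbase.CommitChanges()

# Audit: user accounts that can still log on to every workstation.
Find-Ad '(&(objectCategory=person)(objectClass=user)(!(userWorkstations=*)))' 'sAMAccountName' |
    ForEach-Object { $_.Properties['samaccountname'][0] } | Sort-Object
```
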
    LVL 25

    Expert Comment

    SeanUK777 has the correct answer but I wanted to post a link about loopback processing since it goes hand in hand with this question. What if you wanted a GPO to only be applied to a specific user(s) on a specific computer(s)? To do this you would have to configure a loopback policy... see below:

