DeanWeinert

asked on

restrict domain user accounts to only allow logon to a specific machine

Hello,

I'm doing some consulting at a company at the moment who asked me a very reasonable question, but I could not give them an answer.

They asked if it was possible to create a policy that will prevent them from logging onto any machine in the domain - i.e., is there any way to associate their user account with a specific machine, and ensure that they can ONLY log onto this machine in the domain, as opposed to any machine of their choice. Obviously, a domain user account can, by default, be used to log onto any domain-attached machine. Can you change this?

Running:
Windows 2000 SBS
AD Domain Environment
Windows XP SP2 Desktops

Thank you all in advance for your assistance!
elbereth21

You can configure this policy:
computer configuration\windows settings\security settings\local policies\User rights assignment
Look also here:
http://www.jsifaq.com/subm/tip6100/rh6131.htm
Hope it helps, Elbereth
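
To check that a User rights assignment policy like the one named in the answer above actually took effect on each desktop, the following added example (not part of the thread or of any poster's solution) parses the `[Privilege Rights]` section of security templates exported with `secedit /export /cfg` and lists machines where an account can still log on locally. The machine names, SIDs and template excerpts are constructed, and the caller is assumed to supply the account's group SIDs.

```python
# Added example (not from the thread): audit "User rights assignment" exports.
# Each string is a constructed excerpt of what `secedit /export /cfg` writes.
ALLOW = "SeInteractiveLogonRight"      # the "log on locally" right
DENY = "SeDenyInteractiveLogonRight"   # the "deny logon locally" right

USER = "S-1-5-21-1111-2222-3333-1105"          # constructed user SID
DOMAIN_USERS = "S-1-5-21-1111-2222-3333-513"   # constructed group SID

EXPORTS = {  # constructed: machine name -> exported template text
    "PC01": f"[Privilege Rights]\n{ALLOW} = *S-1-5-32-544,*{USER}\n",
    "PC02": f"[Privilege Rights]\n{ALLOW} = *S-1-5-32-544,*{DOMAIN_USERS}\n"
            f"{DENY} = *{USER}\n",
    "PC03": f"[Unicode]\nUnicode=yes\n[Privilege Rights]\n"
            f"{ALLOW} = *S-1-5-32-544,*{DOMAIN_USERS}\n",
}

def parse_rights(inf_text):
    """Return {right: set of SIDs or account names} from [Privilege Rights]."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line:
            name, _, value = line.partition("=")
            # secedit prefixes SIDs with '*'; other entries are account names
            rights[name.strip()] = {
                v.strip().lstrip("*").lower() for v in value.split(",") if v.strip()
            }
    return rights

def can_log_on_locally(rights, token_sids):
    """Deny wins over allow; token_sids = the user's SID plus group SIDs."""
    token = {s.lower() for s in token_sids}
    if rights.get(DENY, set()) & token:
        return False
    return bool(rights.get(ALLOW, set()) & token)

def machines_allowing(exports, token_sids):
    """Sorted names of machines whose policy lets this token log on locally."""
    return sorted(m for m, text in exports.items()
                  if can_log_on_locally(parse_rights(text), token_sids))

def unexpected_logon_hosts(exports, token_sids, permitted):
    """Machines where the account can log on but should not."""
    return [m for m in machines_allowing(exports, token_sids) if m not in permitted]

if __name__ == "__main__":
    print(unexpected_logon_hosts(EXPORTS, [USER, DOMAIN_USERS], {"PC01"}))
```

Real exports are usually UTF-16 encoded, so decode the file before passing its text to `parse_rights`.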
ASKER CERTIFIED SOLUTION
Seelan Naidoo
This solution is only available to members.
SeanUK777 has the correct answer, but I wanted to post a link about loopback processing since it goes hand in hand with this question. What if you wanted a GPO to only be applied to a specific user(s) on a specific computer(s)? To do this you would have to configure a loopback policy... see below:

http://support.microsoft.com/?kbid=231287