Solved

How can I restrict a user to only be able to log on to a specific machine?

Posted on 2008-06-17
5
265 Views
Last Modified: 2010-03-17
The title says it all :) ... Windows 2008 Active Directory
0
Comment
Question by:VanAlex
  • 2
5 Comments
 
LVL 3

Expert Comment

by:superiz
ID: 21807817
Remove the user from any security group that is allowed to log into the machines you want to prevent him from using.
0
 
LVL 3

Expert Comment

by:superiz
ID: 21807846
More: ... and then add him to a group that is allowed to log into the machine you want him to use.

Example:

If your machines generally allow the "Domain Users" group to login, then remove the user from the domain users group. Manually add the users domain account to the "Local Users" or "Local Administrators" group on the specific machine you want him to use. You probably want to create a new domain group to assign these rights since you will probably have add additional permissions for the user to access domain resources once he is removed from the domain users group.
0
 

Author Comment

by:VanAlex
ID: 21807881
That will bring a whole lot of new problems... In this case it will be preferable then, to not allow him to log on on specific machines, than to do it an all machines.
0
 
LVL 31

Accepted Solution

by:
Henrik Johansson earned 200 total points
ID: 21807903
In ADUC: Open user properties->Account tab
Click "Log on to" and add the computers he's allowed to logon to.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
This article runs through the process of deploying a single EXE application selectively to a group of user.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now