How can I restrict a user to only be able to log on to a specific machine?

The title says it all :) ... Windows 2008 Active Directory
VanAlexAsked:
Who is Participating?
 
Henrik JohanssonSystems engineerCommented:
In ADUC: Open user properties->Account tab
Click "Log on to" and add the computers he's allowed to logon to.
0
 
superizCommented:
Remove the user from any security group that is allowed to log into the machines you want to prevent him from using.
0
 
superizCommented:
More: ... and then add him to a group that is allowed to log into the machine you want him to use.

Example:

If your machines generally allow the "Domain Users" group to login, then remove the user from the domain users group. Manually add the users domain account to the "Local Users" or "Local Administrators" group on the specific machine you want him to use. You probably want to create a new domain group to assign these rights since you will probably have add additional permissions for the user to access domain resources once he is removed from the domain users group.
0
 
VanAlexAuthor Commented:
That will bring a whole lot of new problems... In this case it will be preferable then, to not allow him to log on on specific machines, than to do it an all machines.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.