Solved

How can I restrict a user to only be able to log on to a specific machine?

Posted on 2008-06-17
5
285 Views
Last Modified: 2010-03-17
The title says it all :) ... Windows 2008 Active Directory
0
Comment
Question by:VanAlex
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 3

Expert Comment

by:superiz
ID: 21807817
Remove the user from any security group that is allowed to log into the machines you want to prevent him from using.
0
 
LVL 3

Expert Comment

by:superiz
ID: 21807846
More: ... and then add him to a group that is allowed to log into the machine you want him to use.

Example:

If your machines generally allow the "Domain Users" group to login, then remove the user from the domain users group. Manually add the users domain account to the "Local Users" or "Local Administrators" group on the specific machine you want him to use. You probably want to create a new domain group to assign these rights since you will probably have add additional permissions for the user to access domain resources once he is removed from the domain users group.
0
 

Author Comment

by:VanAlex
ID: 21807881
That will bring a whole lot of new problems... In this case it will be preferable then, to not allow him to log on on specific machines, than to do it an all machines.
0
 
LVL 31

Accepted Solution

by:
Henrik Johansson earned 200 total points
ID: 21807903
In ADUC: Open user properties->Account tab
Click "Log on to" and add the computers he's allowed to logon to.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question