• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 310
  • Last Modified:

1 computer only 1 account can login.

My computer joined domain, that means some people can login my computer and get data, how can I change only my account can login my computer, another domain account cannot even administrator? I am using windows XP sp3, DC: windows server 2003 RC2 SP2.

Please help me!
1 Solution
Mr Back have I read your posting correctly?

Your computer is a member of a domain.
You have your own domain account on the computer and you wish that no one else logs into your computer?

I am almost certain that this is not possable but I will have a good look around.
As the Admin, you can use group policy to change the "logon locally" policy.  Make sure not to lock out administrators groups.  I guess for that matter,  you could also use the Deny Logon locally option.

Windows Settings>Security Settings>Local Policies>User Rights Assignment

deroodeSystems AdministratorCommented:
Or you could use a tool like Truecrypt to encrypt your harddrive. That way nobody can even startup the computer...

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Will your bios allow you to setup a password for bootup? If so lock down the machine via the bios and you dont have to worry about who has domain authorization.
Keep in mind, if your Domain Admin sees that he cannot access your PC, you will probably be deffered to HR for violation of the Computer Usage policy (if there is one). You cant block out the Domain Admin. You might also have domain Service Accounts that need access to the PC to get it updated, rollout installs etc....
Just not feasible....
GPO is the proper way to do it.  If you are the admin (domain level), then you should have no problems with this method.   If you are not the Domain Admin, then you can use the other options, but as John stated, you run the risk of getting on the Domain Admins/HR bad side.   You will need to check with your IT org if you don't have the priveleges.
If the data on your machine is that important that you dont trust your domain admin to have rights to see it then you need to encrypt. You also run the risk of losing said data if its not backed up, so you need a strategy there too.

This brings you to a honor system. If the data is private for corporate reasons then logging access is the only way to know who is seeing it.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now