How to restrict access to a PC to certain users via SBS 2003

Posted on 2009-12-22
Last Modified: 2012-05-08
I need help working on an SBS 2003 (Server 2003) domain network.

I want to configure it so that only certain users can access a PC that uses an SBS 2003 (Server 2003) domain network. There are four of these users.

I want to make it so that all other users cannot use this PC to log on locally or to the domain.

There are several users I want to restrict access to this PC from, and several computers on the network. Going to each user profile and adding all the other computers through the "Log on to" would be an administrative nightmare, now and when new computers are added to the domain.

Is there a way to do this?

Thank you.

Question by:akus1

    Accepted Solution

    You can do this via AD and Group Policy

    Open the user's object properties, go to the account tab, choose the "logon to" button, and choose what they can/can't log on to via the domain.

    Group Policy:

    Create a security group and add the users you want to this group (can be done locally or via domain, just done locally for each machine if you want to go the all local route).

    "In the GPO under Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment, add the group of users you want to be able to log in locally.

    Enable the following settings:
    Allow logon locally - your user group.
    Allow logon through Terminal Services - your user group

    After this, you need to define the deny logon locally.

    Check the check box to "define settings", then remove any entries that are present.

    That's right, you WANT to define the settings but have NO entries.

    Enable the following settings:
    Deny logon locally - Define but no entries.
    Deny logon through Terminal Services - Define but no entries"

    Expert Comment

    Maniac_47, your first option will not apply, as he wants to deny access for all users except 4.
    The first option you gave will make the users log in to that system only, but others will also be able to log in along with the four, so the result will not be achieved.
    Create a new OU and a new GPO, move the 4 computers, and modify the new GPO policy under
    Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment
    Remove everyone from login locally & through remote or terminal services.
    Add the 4 users or the group you have created; this will achieve the desired result.

    Run gpupdate /force on the server; it may require the client system to reboot, as settings made in computer configuration will not apply without a restart.
    Also, the four machines need to be rebooted.

    Author Closing Comment

    Thank you.
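
One way to check the result of the User Rights Assignment settings described in this thread, as an added example that is not part of the original posts: it parses a `secedit /export` file and reports any account in the two Allow rights that is not expected, and any entry at all in the two Deny rights. The function name `Test-LogonRights`, the sample export and the domain SID in it are constructed for illustration; it assumes PowerShell 3.0 or later and that accounts are compared as the SID or name strings that appear in the export.

```powershell
# Added example: audit the four logon rights in a `secedit /export` file.
# On the restricted PC (after gpupdate /force and a reboot), as an administrator:
#   secedit /export /cfg C:\Temp\rights.inf /areas USER_RIGHTS
#   Test-LogonRights -InfLines (Get-Content C:\Temp\rights.inf) -Allowed $allowed
$Rights = @{
    SeInteractiveLogonRight           = 'Allow log on locally'
    SeRemoteInteractiveLogonRight     = 'Allow log on through Terminal Services'
    SeDenyInteractiveLogonRight       = 'Deny log on locally'
    SeDenyRemoteInteractiveLogonRight = 'Deny log on through Terminal Services'
}

function Test-LogonRights {
    param([string[]]$InfLines, [string[]]$Allowed)
    # Read "Right = *SID,*SID" pairs from the [Privilege Rights] section only.
    $found = @{}
    $inSection = $false
    foreach ($line in $InfLines) {
        $t = $line.Trim()
        if ($t -match '^\[(.+)\]$') { $inSection = ($Matches[1] -eq 'Privilege Rights'); continue }
        if ($inSection -and $t -match '^(\w+)\s*=\s*(.*)$') {
            $name = $Matches[1]
            $found[$name] = @($Matches[2].Split(',') | ForEach-Object { $_.Trim().TrimStart('*') } | Where-Object { $_ })
        }
    }
    foreach ($right in ($Rights.Keys | Sort-Object)) {
        # A missing or empty line is treated as "no entries".
        $entries = @()
        if ($found.ContainsKey($right)) { $entries = $found[$right] }
        # Deny rights should have no entries; Allow rights only the expected principals.
        $expected = @()
        if ($right -notlike 'SeDeny*') { $expected = $Allowed }
        $extra = @($entries | Where-Object { $expected -notcontains $_ })
        [pscustomobject]@{ Right = $right; Setting = $Rights[$right]; Unexpected = ($extra -join ','); OK = ($extra.Count -eq 0) }
    }
}

# Constructed sample export; the domain SID with RID 1150 stands in for the four-user group.
$group  = 'S-1-5-21-1111111111-2222222222-3333333333-1150'
$sample = @'
[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-21-1111111111-2222222222-3333333333-1150,*S-1-5-32-545
SeRemoteInteractiveLogonRight = *S-1-5-32-544,*S-1-5-21-1111111111-2222222222-3333333333-1150
SeDenyInteractiveLogonRight =
'@ -split '\r?\n'
# S-1-5-32-544 is BUILTIN\Administrators; S-1-5-32-545 is BUILTIN\Users and is not in -Allowed.
Test-LogonRights -InfLines $sample -Allowed 'S-1-5-32-544', $group | Format-Table Right, OK, Unexpected -AutoSize
```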
