control login to certain people active directory 2003

Posted on 2010-01-06
Last Modified: 2012-05-08
I have a machine where i only want certain people to be able to log into.  we have a large amount of users.  i want only 2 id's to be able to log into this machine but its physically accessible to just about everyone.  i know in the users properties in active directory there is a place where it allows only certain computers to log into for that user.  is there a place where you can make it so only certain users can login to a computer.  
Question by:jamesmetcalf74
    LVL 20

    Accepted Solution

    That is a system security property ... and absolutely possible.

    Launch     secpol.msc     on the computer in question.

    Go into the Local Policies > User Rights Assignment and locate the "Log on locally" right.  Add the persons you wish to allow access and remove everyone else.
    LVL 70

    Assisted Solution

    by:Chris Dent

    Remove Domain Users from the local Users group, add in the list of users you want to be able to.

    That should prevent interactive login for everyone but your named list of users.

    LVL 14

    Assisted Solution

    Try this (I haven't actually tried myself!):

    1. Create an AD security group with the two users you want to allow logon to the computer.
    2. Create a new GPO.  Navigate to Computer Configuration> Windows Settings> Security Settings> Local Policies.
    3. Add the AD group to User Rights Assignment: Log on locally.  Make sure no other users (except Administrators) are allowed.
    4. Filter the GPO to apply only to that computer.  

    LVL 4

    Expert Comment

    go to active directory users and computers, go to the properties for the user then 'Account' tab and click on 'Log on to' and add the machines that you like there.


    Featured Post

    How to improve team productivity

    Quip adds documents, spreadsheets, and tasklists to your Slack experience
    - Elevate ideas to Quip docs
    - Share Quip docs in Slack
    - Get notified of changes to your docs
    - Available on iOS/Android/Desktop/Web
    - Online/Offline

    Join & Write a Comment

    Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
    On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
    This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now