[Last Call] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 223
  • Last Modified:

control login to certain people active directory 2003

I have a machine where i only want certain people to be able to log into.  we have a large amount of users.  i want only 2 id's to be able to log into this machine but its physically accessible to just about everyone.  i know in the users properties in active directory there is a place where it allows only certain computers to log into for that user.  is there a place where you can make it so only certain users can login to a computer.  
3 Solutions
Delphineous SilverwingGood Ol' GeekCommented:
That is a system security property ... and absolutely possible.

Launch     secpol.msc     on the computer in question.

Go into the Local Policies > User Rights Assignment and locate the "Log on locally" right.  Add the persons you wish to allow access and remove everyone else.
Chris DentPowerShell DeveloperCommented:

Remove Domain Users from the local Users group, add in the list of users you want to be able to.

That should prevent interactive login for everyone but your named list of users.

Try this (I haven't actually tried myself!):

1. Create an AD security group with the two users you want to allow logon to the computer.
2. Create a new GPO.  Navigate to Computer Configuration> Windows Settings> Security Settings> Local Policies.
3. Add the AD group to User Rights Assignment: Log on locally.  Make sure no other users (except Administrators) are allowed.
4. Filter the GPO to apply only to that computer.  

go to active directory users and computers, go to the properties for the user then 'Account' tab and click on 'Log on to' and add the machines that you like there.


Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now