Control login to certain people (Active Directory 2003)

I have a machine that I only want certain people to be able to log into. We have a large number of users. I want only 2 IDs to be able to log into this machine, but it's physically accessible to just about everyone. I know in the user's properties in Active Directory there is a place where it allows only certain computers to log into for that user. Is there a place where you can make it so only certain users can log in to a computer?
Delphineous Silverwing (Good Ol' Geek) commented:
That is a system security property ... and absolutely possible.

Launch secpol.msc on the computer in question.

Go into the Local Policies > User Rights Assignment and locate the "Log on locally" right.  Add the persons you wish to allow access and remove everyone else.

Chris Dent (PowerShell Developer) commented:

Remove Domain Users from the local Users group, add in the list of users you want to be able to.

That should prevent interactive login for everyone but your named list of users.

amichaell commented:
Try this (I haven't actually tried myself!):

1. Create an AD security group with the two users you want to allow logon to the computer.
2. Create a new GPO.  Navigate to Computer Configuration > Windows Settings > Security Settings > Local Policies.
3. Add the AD group to User Rights Assignment: Log on locally.  Make sure no other users (except Administrators) are allowed.
4. Filter the GPO to apply only to that computer.  

Go to Active Directory Users and Computers, go to the properties for the user, then the 'Account' tab, and click on 'Log on to' and add the machines that you like there.
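
A way to verify the "Log on locally" assignment described in the answers above, as an added example that is not part of any poster's answer: it parses a secedit user-rights export and reports which principals hold SeInteractiveLogonRight outside an allow list. The group SID in $Allowed and the INF text are constructed placeholders, and PowerShell being installed on the machine is an assumption.

```powershell
# Added example. Allow list is written the way secedit exports principals (*SID).
# *S-1-5-32-544 = BUILTIN\Administrators; the S-1-5-21-... SID is a constructed
# placeholder standing in for the AD group that holds the two permitted users.
$Allowed = @('*S-1-5-32-544', '*S-1-5-21-1111111111-2222222222-3333333333-1105')

function Get-UserRightHolders {
    param([string[]]$InfLines, [string]$Right)
    # Inside [Privilege Rights], a line looks like: SeXxxRight = *S-1-5-32-544,NAME
    $pattern = '^{0}\s*=\s*(.*)$' -f [regex]::Escape($Right)
    $inSection = $false
    foreach ($line in $InfLines) {
        $t = $line.Trim()
        if ($t -match '^\[(.+)\]$') { $inSection = ($Matches[1] -eq 'Privilege Rights'); continue }
        if ($inSection -and $t -match $pattern) {
            return @($Matches[1].Split(',') | ForEach-Object { $_.Trim() } | Where-Object { $_ })
        }
    }
    return @()   # right absent from the export: nobody holds it
}

function Compare-LogonRight {
    param([string[]]$InfLines, [string[]]$Allowed)
    $holders = @(Get-UserRightHolders -InfLines $InfLines -Right 'SeInteractiveLogonRight')
    New-Object PSObject -Property @{
        Unexpected = @($holders | Where-Object { $Allowed -notcontains $_ })  # should be removed
        Missing    = @($Allowed | Where-Object { $holders -notcontains $_ })  # policy not applied yet
    }
}

# Constructed sample of an export taken before the policy change:
# Administrators (544), Users (545) and Backup Operators (551) can log on locally.
$sample = @'
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-551
[Version]
signature="$CHICAGO$"
'@ -split '\r?\n'

$result = Compare-LogonRight -InfLines $sample -Allowed $Allowed
'Unexpected holders: ' + ($result.Unexpected -join ', ')
'Missing holders:    ' + ($result.Missing -join ', ')

# On the real machine, from an elevated prompt, feed a live export instead:
#   secedit /export /cfg "$env:TEMP\rights.inf" /areas USER_RIGHTS
#   $sample = Get-Content "$env:TEMP\rights.inf"
```

An empty "Unexpected" list after the local policy or GPO has applied confirms that only the intended principals can log on at the console.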

Question has a verified solution.
