Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Restrict logon on a pc to only one specific user

Posted on 2010-01-11
8
Medium Priority
?
729 Views
Last Modified: 2012-08-14
I have one PC (Station1) that I need to restrict logon to only one specific domain user (User1) and of course Domain Admins. For all other pc's, any user can logon anywhere. What is the simplest way of implementing this ?
Presently, all users are allowed to logon to any pc. Running SBS2003 with XP pc's.
Thanks.
0
Comment
Question by:ndidomenico
  • 5
  • 3
8 Comments
 
LVL 3

Accepted Solution

by:
Kyosh earned 2000 total points
ID: 26283303
Use local security policy.
You didn't specify what OS the PC had but i believe this should be similar for most Windows Installations:
Control Panel -> Administrative Tools -> Local Security Policy ->
Security Settings -> Local Policies -> User Rights Assignment -> Allow Logon Locally
0
 
LVL 3

Expert Comment

by:Kyosh
ID: 26283311
Oh, sorry, didn't notice that you said XP.
Should work never the less.
0
 

Author Comment

by:ndidomenico
ID: 26284792
In the Logon Locally list, the following users are presently listed: Administrators, Backup Operators, Power Users, Users, Guest.
I suppose I would have to remove Users and Power Users, and insert User1 ?
Question1: Does "Users" refer to domain users, or local users on that XP machine ?
Question2: Would default SBS2003 GPO override this setting ?
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 3

Expert Comment

by:Kyosh
ID: 26284917
Thost groups refer to the local groups, but if you have a look at the local groups you will see that the member of the local group user is probably Domain users.
Default GPO can override the setting if you've specified in the GPO another value for the policy.
But usually you specify in the default GPO that Domain Users are member of local group User and Domain admin are member of local group Administrators

To answer your question: Yes, remove Users and Power Users and insert User1.
0
 

Author Comment

by:ndidomenico
ID: 26285178
In AD, the "Log On To..." setting (Server Management, Users, selected user, Account tab)  for all users is set to "This user can log on to: All Computers". Will this setting override any local setting I would make on that specific PC the way you suggested earlier ?
0
 
LVL 3

Expert Comment

by:Kyosh
ID: 26285252
That setting just restricts that given user from logging into any other computers, it does not restrict others from logging into that same computer.

To answer your question: No, that setting will not override any local settings in the way i suggested earlier.
0
 

Author Comment

by:ndidomenico
ID: 26285296
Last question before closing this post. If we wanted to restrict each PC to a specific user, should we use the local policy method discussed in this question, or rather use AD and specify in the Account tab to which pc a user has the right to logon ? (or a GPO ?)
0
 
LVL 3

Expert Comment

by:Kyosh
ID: 26286153
That would have to be your choice, you have the choice between:
- AD: Define pc's each user can log on to
- Local: Define users that can log on to each PC.

What works best for you?

I would suggest the Local option if all PC's are easily accessable (ex. in the same building).
If your pc's are located at a remote site it would probably be easier for you to restrict access via AD.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've often see, or have been asked, the question about the difference between the Exchange 2010 SP1 version, available as part of Small Business Server (SBS) 2011, and the “normal” Exchange 2010 SP1 Standard. The answer to the question is relativ…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question