Restrict domain accounts that can log into specific computers?

We use roaming profiles in our office under a Server 2008 domain environment with all windows 7 workstations.

Our managers sit in the same area as support staff and previously they once in a while would use a managers computer for work, since they had a roaming profile.

now managers have access to skype and such, support clerks dont, so i wanted to prevent people from logging into certain machines.

For example only Joe Blow can log into his computer with his domain account, no one else.

is this possible?

i did read up on some methods but they seem rather long and drawn out.
LVL 2
MathiauAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
bigstylerConnect With a Mentor Commented:
Hi,

in your situation, it shoud be better to use the "deny logon locally" group policy settings : http://technet.microsoft.com/en-us/library/cc957048.aspx

With this method, you will be able to deny a specific group to logon on locally to some specific computers (those that will be in the scope of the GPO).

It will be then more easy for you to deploy this configuration on several computers with group policy and not individually on each computer.

Otherwise, it is possible to define an "allow logon locally" settings, that will do the trick by removing the "domain users" group and adding a group that is containing the granted users.(http://technet.microsoft.com/en-us/library/cc756809(WS.10).aspx)
0
 
brotaCommented:
go to the properties of the user account go to the account tab.
there is a logon to button
0
All Courses

From novice to tech pro — start learning today.