Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Restrict domain accounts that can log into specific computers?

Posted on 2011-03-16
2
Medium Priority
?
608 Views
Last Modified: 2012-05-11
We use roaming profiles in our office under a Server 2008 domain environment with all windows 7 workstations.

Our managers sit in the same area as support staff and previously they once in a while would use a managers computer for work, since they had a roaming profile.

now managers have access to skype and such, support clerks dont, so i wanted to prevent people from logging into certain machines.

For example only Joe Blow can log into his computer with his domain account, no one else.

is this possible?

i did read up on some methods but they seem rather long and drawn out.
0
Comment
Question by:Mathiau
2 Comments
 
LVL 7

Expert Comment

by:brota
ID: 35151827
go to the properties of the user account go to the account tab.
there is a logon to button
0
 
LVL 4

Accepted Solution

by:
bigstyler earned 2000 total points
ID: 35152602
Hi,

in your situation, it shoud be better to use the "deny logon locally" group policy settings : http://technet.microsoft.com/en-us/library/cc957048.aspx

With this method, you will be able to deny a specific group to logon on locally to some specific computers (those that will be in the scope of the GPO).

It will be then more easy for you to deploy this configuration on several computers with group policy and not individually on each computer.

Otherwise, it is possible to define an "allow logon locally" settings, that will do the trick by removing the "domain users" group and adding a group that is containing the granted users.(http://technet.microsoft.com/en-us/library/cc756809(WS.10).aspx)
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question