I've got a small client with a Windows 2008 r2 server and about a 2 dozen Windows XP fully patched workstations. Users are permitted to log in to any workstation. The client wants to change one of those Windows XP workstations to only allow login to a small subset of their users.
I know that you can restrict login of user accounts to specific machines in the domain, but I want the opposite, allow login to all machines EXCEPT this one.
Is there a group policy that might work somewhere?
I also want to make sure that it's not accessible via remote desktop, but that should be doable so long as I only allow administators to access RDP on the machine and don't have any of the non-allowed users in the admin group right?