Restrict use of a computer to one domain user

Posted on 2012-08-26
Last Modified: 2012-08-27

I'd like to restrict the use of my work computer to myself only.

Is there any easy way of doing this?


OS: Windows 7 Enterprise SP1
Question by:autotrix
    LVL 95

    Expert Comment

    by:Lee W, MVP
    Are you the network administrator?  You can prevent all users except domain admins (if you prevent them, policies can be applied to undo what you did - not to mention the reprimand you might receive for doing it.  

    Assuming you are the workstation administrator (or rather, your account is in the local admins group), you can remove the "domain users" group from the list of "users" in the local Users group on your machine.
    LVL 3

    Expert Comment

    First u must check if u are allowed to do that.If this is true then u can always put a BIOS password that will prevent most people of tampering with ur workstation.
    If u are not allowed and u have sensitive data then i would recommend to "re -examine" how sensitive are ur data and the "sensitive" ones encrypt them.
    The easiest encryption is to compress them (Winzip,Winrar) and put a hard to forget password that contains special characters("@!#$%")
    LVL 16

    Accepted Solution

    In local group policy, open
      Computer Configuration - Windows Settings - Security Settings - Local Policies - User Rights Assignment
    Alter setting "Allow log on locally" and add in your username and remove the other entries.  You might want to add a local admin-level account too for safety.

    There's also a similar "Deny log on locally" setting.  There are also related entries for accessing the computer from the network.

    Author Closing Comment

    Exactly what I need. Thanks!
    LVL 95

    Expert Comment

    by:Lee W, MVP
    Poor solution in my opinion.

    The more appropriate way is not to start messing with user rights assignments but rather to simply adjust group memberships.
    LVL 16

    Expert Comment

    For a single PC used by the person making the setting, it's the most straightforward.

    It's not something you would apply via group policy to an OU though.
    LVL 95

    Expert Comment

    by:Lee W, MVP
    And I disagree.  Most tech people I know would first look to resolve problems logging in by adding or removing users or groups from the local accounts database.  In my opinion, this is the more common sense approach.  Doing it by adjusting local policies would seem more suspicious to me like someone was trying to get away with something. This is in part because users and groups are easy to manage and not very confusing.  You generally need to (should) be an expert to navigate through local policies and not screw something up seriously.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    What Should I Do With This Threat Intelligence?

    Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

    [b]Ok so now I will show you how to add a user name to the description at login. [/b] First connect to your DC (Domain Controller / Active Directory Server) SET PERMISSIONS FOR SCRIPT TO UPDATE COMPUTER DESCRIPTION TO USERNAME 1. Open Active …
    First some basics on Windows 7 Backup.  It has 2 components one is a file based backup which is stored in .zip files each zip is split at around 200 Megabytes and there is the Image Backup which is as the name implies a total image of the partition …
    This Micro Tutorial will give you basic overview of the control panel section on Windows 7. It will depth in Network and Internet, Hardware and Sound, etc. This will be demonstrated using Windows 7 operating system.
    The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    10 Experts available now in Live!

    Get 1:1 Help Now