[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2539
  • Last Modified:

Restrict use of a computer to one domain user


I'd like to restrict the use of my work computer to myself only.

Is there any easy way of doing this?


OS: Windows 7 Enterprise SP1
1 Solution
Lee W, MVPTechnology and Business Process AdvisorCommented:
Are you the network administrator?  You can prevent all users except domain admins (if you prevent them, policies can be applied to undo what you did - not to mention the reprimand you might receive for doing it.  

Assuming you are the workstation administrator (or rather, your account is in the local admins group), you can remove the "domain users" group from the list of "users" in the local Users group on your machine.
First u must check if u are allowed to do that.If this is true then u can always put a BIOS password that will prevent most people of tampering with ur workstation.
If u are not allowed and u have sensitive data then i would recommend to "re -examine" how sensitive are ur data and the "sensitive" ones encrypt them.
The easiest encryption is to compress them (Winzip,Winrar) and put a hard to forget password that contains special characters("@!#$%")
In local group policy, open
  Computer Configuration - Windows Settings - Security Settings - Local Policies - User Rights Assignment
Alter setting "Allow log on locally" and add in your username and remove the other entries.  You might want to add a local admin-level account too for safety.

There's also a similar "Deny log on locally" setting.  There are also related entries for accessing the computer from the network.
Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

autotrixAuthor Commented:
Exactly what I need. Thanks!
Lee W, MVPTechnology and Business Process AdvisorCommented:
Poor solution in my opinion.

The more appropriate way is not to start messing with user rights assignments but rather to simply adjust group memberships.
For a single PC used by the person making the setting, it's the most straightforward.

It's not something you would apply via group policy to an OU though.
Lee W, MVPTechnology and Business Process AdvisorCommented:
And I disagree.  Most tech people I know would first look to resolve problems logging in by adding or removing users or groups from the local accounts database.  In my opinion, this is the more common sense approach.  Doing it by adjusting local policies would seem more suspicious to me like someone was trying to get away with something. This is in part because users and groups are easy to manage and not very confusing.  You generally need to (should) be an expert to navigate through local policies and not screw something up seriously.

Featured Post

Get quick recovery of individual SharePoint items

Free tool – Veeam Explorer for Microsoft SharePoint, enables fast, easy restores of SharePoint sites, documents, libraries and lists — all with no agents to manage and no additional licenses to buy.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now