Link to home
Start Free TrialLog in
Avatar of MongolianNoseFlute
MongolianNoseFluteFlag for Ireland

asked on

how to prevent domain users from logging onto PC except one user


Im working on a small project, it is to do with Meeting Rooms. Im making the Meeting Rooms PC's locked down so that you can only access certain programs and files.  I am trying to make sure (BoardRoom Dublin) (Domain User) is the only account allowed onto the PC,  Also that i can switch user and log in an Admin in case of any problems.

However, i cant figure it out.  I need the BoardRoom Dublin account to be able to receive updates from the Group policy aswell so i cannot set this locally?

Avatar of Pramod Ubhe
You can controll that via below settings which can be applied through GPOs -

go to start > run > type gpedit.msc and hit enter > computer configuration > windows settings > security settings > local policies > user rights assignment > Allow logon locally
Avatar of rebelscum

You can also set in active directory computers what users can and cannot logon to machines. Just fine the PC in AD and change it so only your specified user can access it.
To disable Switch user option please follow the link below & let me know if this helps you.
Avatar of MongolianNoseFlute



some of the comments were helpful but not for exactly what I need, I cant use the local policies such as deny logon locally because the local policies get overwritten by the Group policies for who ever is on the network.  So is there a way for me to set a policy in group policy that does a similar job to (gpedit.msc-computer configuration > windows settings > security settings > local policies > user rights assignment > Allow logon locally)
Avatar of Pramod Ubhe
Pramod Ubhe
Flag of India image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial