Greetings and thank you for reading.
Background: I'm the network assistant administrator, I manage a single domain using Windows Server 2008 R2 with 150 users and about 120 machines. I am the ONLY IT individual on site. Last year, we installed two xp machines in our lecture hall to be used for Powerpoint presentations. We created an User account named "Projector" and informed staff to use that log in. Staff continues to use their own credentials to log in and get frustrated when they realize they are missing items.
Management has requested that all user accounts, other than "Projector" and "Administrator", be removed from the machine so that ONLY "Projector" or "Administer" can log in it.
I have asked for help with other sources who suggest that I modify the User account and just exclude the select machines from being able to "logon" screen. Problem is, the user needs to have rights to be able to log into any OTHER machine, just not the Projector. Besides, I really don't want to modify 120 users, adding machines that I "think" they'll need access to.
I know there has to be a way in Group Policy to manage this, but I'm very new at this.
I hope I asked the question correctly. Simple question is: "How do I restrict who can log on to a specific computer?"