Solved

Restrict a domain User to 1 machine

Posted on 2014-04-24
5
456 Views
Last Modified: 2014-05-17
We have a vendor active directory account that we enable and disable for the vendor to log into 1 computer in our system. Is there a way to deny access to everything accept this computer for the vendor user?
0
Comment
Question by:portillosjohn
5 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 40020527
In the account tab of that user you will see "Log On To" use that to allow the one PC you want him to use.

Thanks

Mike
0
 
LVL 7

Expert Comment

by:Mohammed Tahir
ID: 40020552
0
 

Author Comment

by:portillosjohn
ID: 40020828
Is there a way to prevent the logged in user from viewing the "network" computers? or restrict the user from even viewing shares?
0
 
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 250 total points
ID: 40021085
Don't put him in groups that have access to the shares and disable network discovery on that computer - unless others on that computer need access to network discovery.

Find out (this may be trial and error on your part) what rights/permissions the account needs and give it ONLY THE MINIMUM.  If they need admin rights, give them LOCAL admin rights on the system.  Remove them from Domain Users and other groups.

Potentially, ONLY give them a local user account on the machine, NOT A domain account.

http://windows.microsoft.com/en-us/windows/what-is-network-discovery#1TC=windows-7
0
 
LVL 53

Accepted Solution

by:
McKnife earned 250 total points
ID: 40021434
There's also this policy: http://technet.microsoft.com/en-us/library/cc758316(v=ws.10).aspx
This security setting determines which users are prevented from accessing a computer over the network
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

[b]Ok so now I will show you how to add a user name to the description at login. [/b] First connect to your DC (Domain Controller / Active Directory Server) SET PERMISSIONS FOR SCRIPT TO UPDATE COMPUTER DESCRIPTION TO USERNAME 1. Open Active …
Mapping Drives using Group policy preferences Are you still using old scripts to map your network drives if so this article will show you how to get away for old scripts and move toward Group Policy Preference for mapping them. First things f…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now