• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 515
  • Last Modified:

Restrict a domain User to 1 machine

We have a vendor active directory account that we enable and disable for the vendor to log into 1 computer in our system. Is there a way to deny access to everything accept this computer for the vendor user?
2 Solutions
Mike KlineCommented:
In the account tab of that user you will see "Log On To" use that to allow the one PC you want him to use.


Mohammed TahirCommented:
portillosjohnAuthor Commented:
Is there a way to prevent the logged in user from viewing the "network" computers? or restrict the user from even viewing shares?
Lee W, MVPTechnology and Business Process AdvisorCommented:
Don't put him in groups that have access to the shares and disable network discovery on that computer - unless others on that computer need access to network discovery.

Find out (this may be trial and error on your part) what rights/permissions the account needs and give it ONLY THE MINIMUM.  If they need admin rights, give them LOCAL admin rights on the system.  Remove them from Domain Users and other groups.

Potentially, ONLY give them a local user account on the machine, NOT A domain account.

There's also this policy: http://technet.microsoft.com/en-us/library/cc758316(v=ws.10).aspx
This security setting determines which users are prevented from accessing a computer over the network
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Tackle projects and never again get stuck behind a technical roadblock.
Join Now