Restrict a domain User to 1 machine

We have a vendor active directory account that we enable and disable for the vendor to log into 1 computer in our system. Is there a way to deny access to everything accept this computer for the vendor user?
portillosjohnAsked:
Who is Participating?
 
McKnifeConnect With a Mentor Commented:
There's also this policy: http://technet.microsoft.com/en-us/library/cc758316(v=ws.10).aspx
This security setting determines which users are prevented from accessing a computer over the network
0
 
Mike KlineCommented:
In the account tab of that user you will see "Log On To" use that to allow the one PC you want him to use.

Thanks

Mike
0
 
Mohammed TahirMicrosoft Exchange and O365 AdministratorCommented:
0
 
portillosjohnAuthor Commented:
Is there a way to prevent the logged in user from viewing the "network" computers? or restrict the user from even viewing shares?
0
 
Lee W, MVPConnect With a Mentor Technology and Business Process AdvisorCommented:
Don't put him in groups that have access to the shares and disable network discovery on that computer - unless others on that computer need access to network discovery.

Find out (this may be trial and error on your part) what rights/permissions the account needs and give it ONLY THE MINIMUM.  If they need admin rights, give them LOCAL admin rights on the system.  Remove them from Domain Users and other groups.

Potentially, ONLY give them a local user account on the machine, NOT A domain account.

http://windows.microsoft.com/en-us/windows/what-is-network-discovery#1TC=windows-7
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.