?
Solved

Restrict a domain User to 1 machine

Posted on 2014-04-24
5
Medium Priority
?
493 Views
Last Modified: 2014-05-17
We have a vendor active directory account that we enable and disable for the vendor to log into 1 computer in our system. Is there a way to deny access to everything accept this computer for the vendor user?
0
Comment
Question by:portillosjohn
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 40020527
In the account tab of that user you will see "Log On To" use that to allow the one PC you want him to use.

Thanks

Mike
0
 
LVL 7

Expert Comment

by:Mohammed Tahir
ID: 40020552
0
 

Author Comment

by:portillosjohn
ID: 40020828
Is there a way to prevent the logged in user from viewing the "network" computers? or restrict the user from even viewing shares?
0
 
LVL 96

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 1000 total points
ID: 40021085
Don't put him in groups that have access to the shares and disable network discovery on that computer - unless others on that computer need access to network discovery.

Find out (this may be trial and error on your part) what rights/permissions the account needs and give it ONLY THE MINIMUM.  If they need admin rights, give them LOCAL admin rights on the system.  Remove them from Domain Users and other groups.

Potentially, ONLY give them a local user account on the machine, NOT A domain account.

http://windows.microsoft.com/en-us/windows/what-is-network-discovery#1TC=windows-7
0
 
LVL 56

Accepted Solution

by:
McKnife earned 1000 total points
ID: 40021434
There's also this policy: http://technet.microsoft.com/en-us/library/cc758316(v=ws.10).aspx
This security setting determines which users are prevented from accessing a computer over the network
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses
Course of the Month11 days, 18 hours left to enroll

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question