I have a consultant who needs VPN access to our internal network. However, once on that network, I only want him to be able to login to one specific machine, using remote desktop. I don't want him to have access to any other machines. How do I configure AD so he only gets access to the one machine once connected to the VPN? I tried Log On To under the Account tab in the Active Directory User. However, that seems to simply mean he can only login to the domain from that computer, which results in the VPN connection not even being established. I feel like I am missing a basic function.