
Wednesday, October 17, 2012

Restrict use of a computer to one domain user only

The "Authenticated Users" group on each computer allows users from trusted domains to authenticate
and log on to the computer.
If you want to restrict use of a computer to one domain user only, perform the following steps:

Option 1: Active Directory Users and Computers

  • Click Start > Administrative Tools > Active Directory Users and Computers.
  • Click to expand Domain Name > Domain Users > Organizational Units “Name” > Users.
  • Right-click the user, then click to select User Properties.
  • In the User Properties window, click to select the Account tab, then click the Log On To… button.
  • In the Logon Workstations window, click to select “The following computers”, then type the name of the computer.
  • Click the Add button, then click OK to close all windows.
The restriction is now set up.

Option 2: Domain Wide Policy

  • Click Start, and in “Search programs and files” type gpmc.msc.
  • In the “Group Policy Management Editor” window, click to expand:
Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > User Rights Assignment
  • In the Policy panel, double-click “Deny log on locally” to open the “Deny log on locally” window.
  • In the “Deny log on locally” window, check “Define these policy settings”, and click the Add User or Group… button.
  • In the Add User or Group window, type the name or click the Browse button.
  • Finally, once you have added the user or group, click OK to finish.
  • After that, click Start, right-click Command Prompt, and click "Run as administrator".
  • In the “Administrator: Command Prompt” window, type “gpupdate /force”, then press Enter.
The restriction is now set up.
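
Both options can also be applied and verified from PowerShell. The script below is an added example, not part of the original post: it sets the same list that the Log On To… dialog in Option 1 edits, then checks on the target computer that the “Deny log on locally” policy from Option 2 has been applied. It assumes the RSAT ActiveDirectory module and an elevated prompt; the names `jsmith` and `PC01` are hypothetical placeholders.

```powershell
# Added example. 'jsmith' and 'PC01' are hypothetical placeholders, not from the post.
param(
    [string]$User     = 'jsmith',   # hypothetical sAMAccountName
    [string]$Computer = 'PC01'      # hypothetical computer name
)

Import-Module ActiveDirectory   # requires the RSAT Active Directory module

# Option 1 scripted: the "Log On To..." dialog writes this list to the account.
Set-ADUser -Identity $User -LogonWorkstations $Computer

# Read the value back to confirm which computers the account may log on to.
$account = Get-ADUser -Identity $User -Properties LogonWorkstations
"{0} may log on to: {1}" -f $account.SamAccountName, $account.LogonWorkstations

# Option 2 check: run on the target computer, elevated, after "gpupdate /force".
# secedit exports the user rights currently applied on this computer;
# "Deny log on locally" is stored as SeDenyInteractiveLogonRight.
$inf = Join-Path $env:TEMP 'user-rights.inf'
secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null

$line = Get-Content $inf |
    Where-Object { $_ -match '^SeDenyInteractiveLogonRight\s*=' } |
    Select-Object -First 1

if (-not $line) {
    Write-Warning 'Deny log on locally is not defined on this computer.'
} else {
    foreach ($entry in ($line -split '=', 2)[1].Split(',')) {
        $entry = $entry.Trim()
        if ($entry.StartsWith('*S-1-')) {
            # Entries starting with * are SIDs; translate them to account names.
            $sid = New-Object System.Security.Principal.SecurityIdentifier($entry.TrimStart('*'))
            try   { $entry = $sid.Translate([System.Security.Principal.NTAccount]).Value }
            catch { }   # leave unresolved SIDs as they are
        }
        "Denied local logon: $entry"
    }
}
Remove-Item $inf -ErrorAction SilentlyContinue
```

The first half runs anywhere the ActiveDirectory module can reach a domain controller; the secedit check has to run on the computer the policy targets.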