How to manage network access for single users in AD
Question: We are running a Windows 2000 Active Directory domain controller and a user is running Windows XP SP2 on our domain. How can we set our domain to limit network access and allow only one user to log in? Also, how can we limit domain access to this user's one unique machine?
- Posed by a SearchWindowsSecurity.com reader.
Brad Dinerman's answer: For Active Directory management, you can control network access by restricting the computer(s) to which a user can log on through Active Directory Users and Computers. Open the console and drill down until you find that user. Right-click the user object and select Properties. Select the Account tab and then click the "Log On To" button. You can then enter the name of the computer(s) to which the user should have logon rights. (See screenshot.) He will not be able to log on to any other domain computers.
This was first published in November 2007
Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.