How to manage network access for single users in AD

Alter a few settings to limit single user network access in an AD domain to simplify Active Directory management.

Question: We are running a Windows 2000 Active Directory domain controller and a user is running Windows XP SP2...

on our domain. How can we set our domain to limit network access and allow only one user to log in? Also, how can we limit domain access to this user's one unique machine? - Posed by a reader.

Windows network access
Managing Windows network access on additional servers

Managing Windows network access security tutorial

Brad Dinerman's answer: For Active Directory management, you can control network access by restricting the computer(s) to which a user can log on through Active Directory Users and Computers. Open the console and drill down until you find that user. Right-click the user object and select Properties. Select the Account tab and then click the "Log On To" button. You can then enter the name of the computer(s) to which the user should have logon rights. (See screenshot.) He will not be able to log on to any other domain computers.

This was first published in November 2007

Dig Deeper on Microsoft Active Directory Security



Find more PRO+ content and other member only offers, here.



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:









  • VDI assessment guide

    Wait! Don't implement VDI technology until you know your goals and needs. A VDI assessment should consider the benefits of a VDI ...

  • Guide to calculating ROI from VDI

    Calculating ROI from VDI requires a solid VDI cost analysis. Consider ROI calculation models, storage costs and more to determine...

  • Keep the cost of VDI storage under control

    Layering, persona management tools and flash arrays help keep virtual desktop users happy and VDI storage costs down.