Limit network access points to boost endpoint security

Question: We would like to have a PC on our network that only one user can access. How can we go about doing this?

Wes Noonan's answer: To do so, you need functional NetBIOS. So you also need to ensure that systems can be resolved

Requires Free Membership to View

Managing Windows network endpoints
Managing Windows network access security tutorial

Windows network perimeter security

by broadcast or that you have implemented WINS. If you are using Active Directory Users and Computers, you can right-click a user and select the Account tab and you will see the Log On To button. Click the button, and you will see the Logon Workstations screen. You can select the computer(s) for which the user is allowed access, which enables a user to log on to only the specified workstation.

If you want to prevent anyone else from logging in to the workstation, you can do so in one of two ways. First, select all the users except the user you configured above, and bring up the Properties screen. This will display the properties for all the selected users.

Select the Account tab and check the box next to Computer Restrictions. Next, click the Log On To box, and in the Logon Workstations screen select all the computers other than the one you don't want others to log in to. If you create additional users or workstations, you also need to update these settings accordingly.

Alternatively, if you use something like Windows Scripting Host for your login script, you can write a script locates the logon workstation. If it detects that the workstation is the one you don't want anyone to log in to, it immediately logs them out. I recommend the Win32 scripting site for examples of scripts with this kind of functionality.

This was first published in December 2007

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.