Question: We are running a Windows 2000 Active Directory domain controller and a user is running Windows XP SP2 on our domain. How can we set our domain to limit network access and allow only one user to log in? Also, how can we limit domain access to this user's one unique machine?
- Posed by a SearchWindowsSecurity.com reader.
Brad Dinerman's answer: For Active Directory management, you can control network access by restricting the computer(s) to which a user can log on through Active Directory Users and Computers. Open the console and drill down until you find that user. Right-click the user object and select Properties. Select the Account tab and then click the "Log On To" button. You can then enter the name of the computer(s) to which the user should have logon rights. (See screenshot.) He will not be able to log on to any other domain computers.
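The same restriction can be applied and read back from a script. This is an added PowerShell example, not part of the original answer: it assumes the "Log On To" list is stored in the user's `userWorkstations` attribute as comma-separated computer names, that it runs on a domain-joined machine with PowerShell 3.0 or later under an account allowed to modify the user, and that `jsmith` and `XP-WS01` are constructed sample names.

```powershell
# Added example: scripted equivalent of the "Log On To" dialog (uses ADSI only,
# so no Active Directory PowerShell module is needed on the domain controller).

function Get-DomainUserEntry {
    param([Parameter(Mandatory)][string]$SamAccountName)
    # Reject LDAP filter metacharacters instead of passing them into the search.
    if ($SamAccountName -match '[\*\(\)\\\x00]') { throw "Invalid logon name." }
    $filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$SamAccountName))"
    $result = ([adsisearcher]$filter).FindOne()
    if (-not $result) { throw "User '$SamAccountName' not found in the domain." }
    return $result.GetDirectoryEntry()
}

function Set-LogonWorkstations {
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [Parameter(Mandatory)][string[]]$Computer
    )
    foreach ($name in $Computer) {
        # Conservative check: short computer names, 15 characters at most,
        # and no commas, because a comma is the list separator.
        if ($name -notmatch '^[A-Za-z0-9_-]{1,15}$') { throw "Invalid computer name '$name'." }
    }
    $user = Get-DomainUserEntry $SamAccountName
    $user.Put('userWorkstations', ($Computer -join ','))
    $user.SetInfo()                      # write the change to the directory
    return Get-LogonWorkstations $SamAccountName
}

function Get-LogonWorkstations {
    param([Parameter(Mandatory)][string]$SamAccountName)
    # Read the value back from the directory rather than trusting the local cache.
    $user = Get-DomainUserEntry $SamAccountName
    $value = [string]$user.psbase.Properties['userWorkstations'].Value
    if ([string]::IsNullOrEmpty($value)) { return @() }   # empty = no restriction
    return $value -split ','
}

# Usage (constructed names), run by an administrator of the domain:
#   Set-LogonWorkstations -SamAccountName 'jsmith' -Computer 'XP-WS01'
#   Get-LogonWorkstations -SamAccountName 'jsmith'
```

An empty result from `Get-LogonWorkstations` means the account has no workstation restriction and can log on to any domain computer.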