Restricting Domain user logon
-
Saturday, October 13, 2012 2:00 PM
I have had this answered in the past, but cannot locate the thread so I am asking again. I want to restrict a Windows 7 Pro machine so that only I and a couple other domain users can log on.
God Bless, Mark A. Sam The Bible promises there will be NO computers in Heaven: Revelation 21:4
All Replies
-
Saturday, October 13, 2012 4:13 PM
Your question would be better answered in the server forum because it involves domain and group policy.
Anyway, this may be helpful...
1. Create a local admin account or enable the built-in Administrator account on the Windows 7 Pro machine. Set passwords that only authorized people know. These accounts won't be used in normal work. They are here just so that you can administer the machine if it falls out of the domain.
2. In your domain, create an OU. Name the OU 'Restricted Desktops'.
3. Join the Windows 7 Pro machine to the domain and place it in the 'Restricted Desktops' OU.
4. In your domain, create a global group. Name the group 'Restricted Desktops Users'. Description: 'Users who are allowed to log on to Restricted Desktops'.
5. Place yourself and others in the 'Restricted Desktops Users' group as needed.
6. Create a Group Policy Object (GPO). Name it 'Restricted Desktops Access'. Link the GPO to the 'Restricted Desktops' OU.
7. Configure the 'Restricted Desktops Access' GPO. Configure Computer / Windows Settings / Security Settings / Local Policies / User Rights Assignment / Allow Log on Locally. Configure this setting so that only the 'Restricted Desktops Users' group is listed.
8. Run 'gpupdate' on your Windows 7 Pro. You may also need to restart the computer (a couple of times).
-
Saturday, October 13, 2012 4:31 PM
Les,
Thank you for the response, but I think there is a way to do this locally. I recall doing it in the past, but not through group policy or setting up an OU. But as far as setting up a local admin account, I can't see how to set up any user on Windows 7. I asked this in another thread.
God Bless,
MarkAs
-
Saturday, October 13, 2012 5:44 PM
Mark,
<quote>
I want to restrict a Windows 7 Pro machine so that only I and a couple other domain users can log on.
</quote>
Sure, you can set it locally.
On your Windows 7 Pro, run gpedit.msc
Configure local policy as described in step 7.
Configure Computer / Windows Settings / Security Settings / Local Policies / User Rights Assignment / Allow Log on Locally. Configure this setting so that only users who should log on locally are listed.
- Marked As Answer by MarkASam Saturday, October 13, 2012 6:23 PM
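One way to confirm that 'Allow Log on Locally' ended up with only the intended principals, as an added example that is not part of the original thread: it exports the user rights with `secedit` and compares `SeInteractiveLogonRight` against an expected list. The `CONTOSO` domain name, the inclusion of `BUILTIN\Administrators`, and the helper function names are assumptions made for this example.

```powershell
# Run from an elevated prompt: secedit /export needs administrator rights.
# Assumption: CONTOSO is a placeholder domain; replace it with your own.
$Expected = @(
    'CONTOSO\Restricted Desktops Users',  # group name from step 4 of the first reply
    'BUILTIN\Administrators'              # assumption: lets the step 1 local admin log on
)

function ConvertTo-Sid([string]$Entry) {
    # secedit writes SIDs as '*S-1-...' and leaves some accounts as plain names.
    $Entry = $Entry.Trim()
    if ($Entry.StartsWith('*')) { return $Entry.Substring(1) }
    $account = New-Object System.Security.Principal.NTAccount($Entry)
    $account.Translate([System.Security.Principal.SecurityIdentifier]).Value
}

function ConvertTo-Name([string]$Sid) {
    $id = New-Object System.Security.Principal.SecurityIdentifier($Sid)
    try { $id.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $Sid }  # orphaned SID (deleted account): report it unchanged
}

# Export only the user rights section of the security policy to a temp file.
$cfg = Join-Path $env:TEMP 'user-rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
if ($LASTEXITCODE -ne 0) { throw "secedit failed with exit code $LASTEXITCODE" }
try {
    $line = Get-Content $cfg | Where-Object { $_ -match '^SeInteractiveLogonRight\s*=' }
} finally {
    Remove-Item $cfg -ErrorAction SilentlyContinue
}
if (-not $line) { throw 'SeInteractiveLogonRight is not defined in the exported policy.' }

# Compare by SID so that name formatting differences do not matter.
$actualSids   = @(($line -split '=', 2)[1] -split ',' | ForEach-Object { ConvertTo-Sid $_ })
$expectedSids = @($Expected | ForEach-Object { ConvertTo-Sid $_ })

$extra   = @($actualSids   | Where-Object { $expectedSids -notcontains $_ })
$missing = @($expectedSids | Where-Object { $actualSids   -notcontains $_ })

$extra   | ForEach-Object { Write-Warning "Unexpected logon right: $(ConvertTo-Name $_)" }
$missing | ForEach-Object { Write-Warning "Expected but absent:    $(ConvertTo-Name $_)" }
if (-not $extra -and -not $missing) { 'Allow log on locally matches the expected list.' }
```

Any principal reported as unexpected can still log on interactively, so the restriction is not yet in effect for it.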
-
Saturday, October 13, 2012 6:24 PM
Les,
You earned your points. That was what I needed.
God Bless,
MarkAs

