PC Lockdown

[Grommit]

Is it possible to only allow 1 user and the Domain/Local Admins to log onto a Domain PC ?

8O

[plexer]

You could use a vbscript that checks who the user is logging in and if they don't match the ones you set it automatically logs them off?

Ben

[GrumbleDook]

One of the easiest ways I have found is to set up security groups of people I don't want to log on in certain areas ... and then assign those groups via GPOs in 'deny logon locally'. It can get a bit messy as you have to remember to add new users to these groups by default and then remove them if they need access.

[GeeDee]

Surely it makes more sense to set 'Allow Log on Locally' rather than denying everyone except 1 person?

Which is exactly what 'Allow Log on Locally' in Local / Domain Security Policy is designed to do. Remove everyone except those you want to have access.

[Grommit]

Surely it makes more sense to set 'Allow Log on Locally' rather than denying everyone except 1 person?

Which is exactly what 'Allow Log on Locally' in Local / Domain Security Policy is designed to do. Remove everyone except those you want to have access.

Jaaaaa...because deny over rides allow..

[ITWombat]

@GeeDee
Yeah that thought did occur to me.

Limit Logon from Microsoft has been mentioned somewhere. May be Grommit should do a forum search for it. He may find something useful.

[GeeDee]

Jaaaaa...because deny over rides allow..

Yeeeeees, but so what? Regardless of whoever is denied logon; if you aren't allowed logon - then you can't, which is what the OP wanted.

Limit Logon from Microsoft has been mentioned somewhere. May be Grommit should do a forum search for it. He may find something useful.

LimitLogon is some horrible vbscript Microsoft released to supposedly only allow a certain number of concurrent logons at any one time. It's not for restricting logons on certain machines to certain people (and it's awful anyway!).