Re: Prevent logons other than PC owner?



You are right in what you say of likely needing to adjust the
log on rights in local policy rather than by GPO.
But notice the OP scenario is
> I've been asked if there is a way to prevent anyone else besides the
> "owner" of the PC to log on at that PC.
Using the user account properties is great for limiting a user
to specific PCs, but it is useless in controlling what accounts
a PC allows (unless one wants to be very, very thorough in
limiting all accounts without fail).
They do need to take control of the computer's login rights
settings as the most direct and foolproof way to do this.
--
Roger

"Ondrej Sevecek" <ondra at my_surname dot com> wrote in message
news:enbjZdDHGHA.2212@xxxxxxxxxxxxxxxxxxxxxxx
> as long as you want to limit the users one-to-one to a computer, do it
> simpler in Active Directory Users and Computers,
> the user account properties contain an "account" tab that holds a button
> called "Log on to...".
>
> The method with GPO would require either single OU for each of your
> computers or a security filter for each GPO to specify the actual computer
> and so is quite inefficient and brings no better effect.
>
>
> O.
>
>
> "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message
> news:euO9JWvGGHA.3936@xxxxxxxxxxxxxxxxxxxxxxx
>> If you take control over the Log in locally User Right of the machine
>> then you can specify exactly what accounts can log into it.
>> Usually you will find Users granted the right on a client system.
>> In a domain Users includes Domain Users, etc.
>> What you would need to do is to change the local policy (either directly
>> or by use of GPO) so that its policy for the User Right to Log on locally
>> states only the accounts that should be allowed (such as Administrators
>> and domain\usernameX).
>>
>> "Mike Bailey" <mbailey@xxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:uyNUHzuGGHA.3624@xxxxxxxxxxxxxxxxxxxxxxx
>>> We run a Server 2003 Domain with XP workstations. Of course, users log
>>> into the domain with their own userid/password. I've been asked if
>>> there is a way to prevent anyone else besides the "owner" of the PC to
>>> log on at that PC. I didn't think so since they are not logging into the
>>> PC but rather the domain. Is this possible through a group policy or
>>> something?
>>>
>>> Thanks,
>>> Mike
>>
>>
>
>
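
Added example, not part of the thread: a Python sketch of the approach Roger describes, taking a `secedit /export` of the machine's user rights and rewriting the "Log on locally" right (SeInteractiveLogonRight) so that it lists only Administrators and the PC's owner. The export text and the owner SID are constructed samples, and `restrict_logon_right` is a hypothetical helper name.

```python
import re

RIGHT = "SeInteractiveLogonRight"   # internal name of the "Log on locally" right
ADMINISTRATORS = "*S-1-5-32-544"    # well-known SID of BUILTIN\Administrators

# Constructed sample of `secedit /export /cfg rights.inf /areas USER_RIGHTS` output.
SAMPLE_EXPORT = """[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544
SeInteractiveLogonRight = Guest,*S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-551
"""
OWNER_SID = "S-1-5-21-1111111111-2222222222-3333333333-1105"  # constructed SID

def restrict_logon_right(inf_text, owner_sid):
    """Return (new_inf_text, removed_entries); hypothetical helper."""
    allowed = [ADMINISTRATORS, "*" + owner_sid]
    allowed_upper = {a.upper() for a in allowed}
    new_line = f"{RIGHT} = {','.join(allowed)}"
    out, removed, section, done = [], [], None, False
    for line in inf_text.splitlines():
        header = re.match(r"\s*\[(.+)\]\s*$", line)
        if header:
            # Leaving [Privilege Rights] without seeing the right: add it there.
            if section == "Privilege Rights" and not done:
                out.append(new_line)
                done = True
            section = header.group(1)
        elif section == "Privilege Rights" and re.match(rf"\s*{RIGHT}\s*=", line):
            current = [e.strip() for e in line.split("=", 1)[1].split(",") if e.strip()]
            # Everything not on the allow list loses the right (Users, Guest, ...).
            removed = [e for e in current if e.upper() not in allowed_upper]
            line, done = new_line, True
        out.append(line)
    if section == "Privilege Rights" and not done:
        out.append(new_line)
        done = True
    if not done:
        raise ValueError("export has no [Privilege Rights] section")
    return "\r\n".join(out) + "\r\n", removed

if __name__ == "__main__":
    new_inf, removed = restrict_logon_right(SAMPLE_EXPORT, OWNER_SID)
    print("entries that lose Log on locally:", removed)
    print(new_inf)
```

Save the returned text as a Unicode .inf and apply it with `secedit /configure /db <database> /cfg <file> /areas USER_RIGHTS`; a domain GPO that sets the same right will override the local value at the next policy refresh.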