dslreports logo
    All Forums Hot Topics Gallery


how-to block ads

Search Topic:
share rss forum feed


Milford, CT

Restrict who can login to a certain computer on a domain

How can you restrict everyone from logging in to one certain computer on the domain to only one account? We have a conference room that is setup to a certain user account and when someone else logs in they start complaining that they don't have printers etc..... So we would like to stop all the user accounts from being able to log in to this one computer. Also is there a way to direct all user logins on this computer to go to the same desktop screen so that everyone would get the same desktop, printer(s) and files on the desktop? This computer is running Vista Business.

Thanks for any advise you guys can spare.


Lenoir, NC
Do some research into the "allow logon locally" security policy, and Roaming User Profiles (which I don't recommend implementing, unless you have FAR above average knowledge of Active Directory and Group Policy)

All noise, no signal.
Jamestown, NC
reply to GlazedHam
So you only want a single account to be able to log onto this computer? If so, that takes care of the desktop screen requirement.


reply to GlazedHam
I was going to suggest Windows Steady State but I don't think it can do what you need.

But, why not just disjoin the computer from the domain, set up the printers to print directly to the IP addresses of the printers (skipping the print server, I'm assuming here), and create one local account for them to use?

Do they have to have their drive mappings?


Milford, CT
reply to GlazedHam
I need to keep them on the domain as we have software that also tracks printing so if someone printed something from that computer they would get a prompted for where to bill the print to. This is just one of many reasons why we need to keep it on the domain.


Saint Paul, MN
reply to Neo62381
said by Neo62381:

Do some research...Roaming User Profiles (which I don't recommend implementing, unless you have FAR above average knowledge of Active Directory and Group Policy)
You forgot to mention two tons of bandwidth, storage, and user patience.
When will the people realize that with DRM they aren't purchasing anything?

Warrenville, IL
reply to GlazedHam
I think you can just edit the local "Users" group and remove all, then add the single user you want. Users not within the local "users" group on the PC should be denied the Log on Locally right IIRC.
Baka wa shinanakya naoranai


Scarborough, ON
reply to GlazedHam
How about placing a batch file in the All Users->startup folder on that computer? In the batch file you can redirect the desktop, assign printers, etc.

This way only that computer is affected by the changes and not the whole domain.


Homestead, FL
reply to GlazedHam
I use roaming profiles for the desktop users. However, I use folder redirection so that the My Documents folder stays on the server in their home directory. It is great because if a user's desktop goes on the fritz then I just move them to another prebuilt and then rebuild the messed up one.

Yes you can restrict who can login to a specific computer, but I have only done it once for a particular user that has to remote desktop in to a virtual machine. I think you just go to the local computer and specifically set in the local machine what users are allowed to login.


Pomfret Center, CT
reply to GlazedHam
I can tell you what we do at the school I work at I don't know if this is the right way to do it but it works in the labs.

I log in as a user we call hssetup no one uses the account. I set the desktop printer home page and anything else you might want a user to have preset. Then I log off and log back in as an admin and in system properties under advance I go to user profiles click settings then I highlight the hssetup user and copy it to default. In XP you have be able to see hidden folders BTW. Say yes to any warnings.

Now who ever logs in gets all the printers and what ever other settings you copied from the hssetup account.


reply to GlazedHam
Utilize the Group policy gpedit.msc on the machine you want to lock down. Computer Conf/Windows/Security/Local Policy/user rights/log on locally polcy. Change this to allow the specific user account instead of domain users.