Restrict logins on one PC

dwade · 04-24-2007, 11:38 AM

This seems to be a tough one. I have one client computer (running windows 2000) that I want to limit logins on. I only want to allow 3 specific people to log in to the machine--no one else. If someone else tries they should be denied access. As I said, the client is running Windows 2000 but the domain controller is SuSE Linux. Is this possible and how do I accomplish this?

{BBI}Nexus{BBI} · 04-26-2007, 12:27 AM

Create 3 user accounts for the 3 users you want to allow login for.

dwade · 04-26-2007, 07:23 AM

Even if I create user accounts on the PC, that won't stop domain users from logging into the computer--my understanding is that you don't have to be added to the computer as a local user or domain user to log in. I may be wrong, but I'm thinking that I may have to set a restriction on the computer through the domain.... maybe a policy?

{BBI}Nexus{BBI} · 04-26-2007, 02:58 PM

My understanding is even though you are part of the domain, you cannot login to computer x if the computer doesn't know or is unable to verify who you are. Maybe i'm missing the point?

dwade · 04-26-2007, 03:58 PM

Quote:

Originally Posted by {BBI}Nexus{BBI}

My understanding is even though you are part of the domain, you cannot login to computer x if the computer doesn't know or is unable to verify who you are. Maybe i'm missing the point?

The authentication is handled by the domain controller for domain logins and the local computer for local logins (as far as I know). For those who are trying to log into the local computer, your idea will work, but for those who are logging in to the domain on that computer, it won't block those users.

I need to block all access by all users--domain or local--other than the three specific users.

{BBI}Nexus{BBI} · 04-26-2007, 05:24 PM

Ah, I see. I was thinking of something else.

sleepyhomme · 04-26-2007, 10:18 PM

Try this.

Make that workstation in domain (as you already did). Then disable the "NetLogon" service for that workstation in services.msc or by command.

Restart the machine and try to logon with domain user & local user.

dwade · 04-27-2007, 10:30 AM

Quote:

Originally Posted by sleepyhomme

Try this.

Make that workstation in domain (as you already did). Then disable the "NetLogon" service for that workstation in services.msc or by command.

Restart the machine and try to logon with domain user & local user.

When I disable NetLogon, won't that disallow -all- domain logins? The three specific users need to be able to log in with their domain profile, but no one else other than those three.

sleepyhomme · 04-27-2007, 09:07 PM

o....haha
I miss the key point of your question
Sorry!
Let me find another solution!