I meant to have this in my last post... You could put the User Right "Deny Logon Locally" on all machines OTHER than your kiosk machine to accomplish the other part of your scenario (logging onto ONLY one machine). The method mentioned below by Mike would suffice also for that purpose.
Sorry for the extra junk in your mailbox ;-) Have a good day! Robert Williams, MCSE NT4/2K/2K3, Security+ Infrastructure Rapid Response Engineer Northeast Region Microsoft Corporation Global Solutions Support Center -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of mike kline Sent: Sunday, June 12, 2005 5:21 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] how to allow a specific user to access the domain from one pc & disallow the others To allow the user to only logon on to that machine go into their Account Tab and use the "Log On To" feature and only allow access to that particular machine. You could deny everyone else the right to log on locally using a policy. This is the setting in the GPO Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment Go into "Log on Locally" remove "Users, Power Users, and Backup Operators" then add this particular user. I would not remove the administrators but you can do that and just add your account in case you ever need to access the machine interactively. Thanks Mike On 6/12/05, Sharif Naser <[EMAIL PROTECTED]> wrote: > > > Hello experts, > > > > I'm setting a kiosk machine, my question is how do I allow a specific user > to login to my domain from only one machine & disallow other users from > logging from the same machine. > > > > Regards, > DISCLAIMER: > This electronic message transmission contains information from Qatar Steel > Company (QASCO) > which may be confidential or privileged. The information is intended to be > for the use of > the individual or entity named above. Be aware that any disclosure,copying, > distribution > or use of the contents of this information,including attachments, is > prohibited without > the written consent of Qatar Steel Company (QASCO). > > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
