Danny Moran

How to restrict Active Directory user logons to specific named devices

Published January 06, 2024 by Danny Moran

Table of Contents
PAGE CONTENT

Introduction

Learn how to restrict what devices Active Directory users can logon to. In this example, I show you how to modify an Active Directory user account using the ’logon to’ feature to restrict what devices a user account can logon to, only allowing them to logon to specific named computers or servers.

Video

Instructions

  1. Open Active Directory Users and Computers.

    Note: You can run dsa.msc to open the management console.

  2. Find the user account you want to lockdown.

  3. Right-click the user account and select Properties.

  4. Under the Account tab, select Log On To.

  5. Select The following computers.

  6. Enter the hostname of the device you want to allow the user to be able to logon to and press Add.

  7. Repeat step 6 for each device you want the user to be able to logon to.

  8. Press OK to close the logon workstations window.

  9. Press Apply to save the changes to the user account.

  10. Press OK to close the user properties window.

  11. The user account has now been locked down and can only logon to devices with the hostname specified.