Skip to content

How to Limit Domain Users from Logging on to the Domain from Specific Computers Only in Windows Server 2003?

By Codrut Nistor

Posted in How-to, Windows-server-2003

In large scale organizations there might be times when users may change their computer systems just for fun. However this behavior might not be appropriate for various security reasons and administrators in these cases may want to restrict user accounts so that the domain users can log on using a specific computer or computers only. As an administrator if you want to configure this setting you can follow the steps given below:

  1. Log on to the domain controller with administrator's account.
  2. Click on Start button.
  3. From the start menu go to Administrative Tools and from the submenu click on Active Directory Users and Computers.
  4. In Active Directory Users and Computers snap-in from the left pane expand the domain name which in this case is TESTDOMAIN.COM and click on the Users container or the organizational unit where you have created the user accounts.
  5. In the right pane right click on the user account for which you want to specify the restriction and click on Properties.
  6. On Properties page go to Accounts tab and click on Log On To button.
  7. On Logon Workstations box click on The following computers radio button.
  8. In Computer Name text box type the name of the computer from which you want to allow the user to log on to the domain and click on Add button. You can add as many computers as you want. Alternatively you can type the IP addresses of the computers to add them in the list.
  9. Click on Ok button to confirm your configuration and close Properties box.
  10. Close Active Directory Users and Computers snap-in.

More Info:

You can configure the above settings for multiple user accounts in a single instance by selecting the user accounts while pressing ctrl key.