By default, any user in the domain can log on to the computer. Sometimes it becomes necessary to allow only certain users or groups of users to log on to a computer. In some cases, this improves the security level of the organization.

If you are interested in how to allow a user to log on only to specific computers in a domain, you can read about this in my guide «Allow User to Log On Only to Specific Computers in the Domain».

We will consider the case when you already have two servers with the Windows Server 2012 R2 operating system installed on them. In addition, the Active Directory Domain Services role must be installed on one of the servers.

You can read more about how to install Windows Server 2012 R2 in my guide «Installing Windows Server 2012 R2». You can learn how to install Active Directory Domain Services on Windows Server 2012 R2 by reading «Installing Active Directory Domain Services on Windows Server 2012 R2».

Go into the system under the Administrator account and go to the “Start” menu.

In the “Start” menu, click on the “Administrative Tools” button.

Next, select “Group Policy Management”.

Now you need to create a new group policy to allow access to computers only to specific users or user groups.

In this guide, the policy will apply to all computers in the domain.

Right-click on the domain name and select “Create a GPO in this domain, and Link it here”.

Specify a name for the new group policy and click on the “OK” button.

Next, click on the new policy with the right mouse button and select “Edit”.

In the Group Policy Editor, go to the “Computer Configuration” section, then to the “Windows Settings” subsection, then find the “Security Settings” section and select “Allow log on locally” in the “Local Rights Assignment” section.

Now you need to specify the user or group of users who will be allowed to log on to computers that fall under the new group policy.

First, you need to add the ability to log on to computers for their administrators. That is, for members of the “Administrators” group.

Select “Define these policy settings” and click on the “Add User or Group” button.

Next, click on the “Browse” button.

Specify the name of the group “Administrators” and click “Check Names”.

The Administrators group found.

Click on the “OK” button.

Press the “OK” button again.

The Administrators group added successfully.

Now add a user account that can log on to all computers that are covered by Group Policy.

Click on the “Add User or Group” button.

Next, click on the “Browse” button.

In this guide, we will allow the user “Vladimir Mikhalev” to log on to computers.

Please note that you can add not only a user but also a group of users.

Specify the user login and click on the “Check Names” button.

User found.

Click on the “OK” button.

Press the “OK” button again.

To save changes, click on the “OK” button.

Now on all computers that fall under the scope of this policy, only administrators and the specified user can log in.


Hi, I’m Vladimir Mikhalev, but my friends call me Valdemar. I have a lot of experience in the design and maintenance of various information systems. On my website, you will find detailed and clear guides for setting up IT solutions. Dive into the ocean, full of positive and technology! For cooperation:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.