By default, the user can log on to any computer in the domain or even several at once simultaneously. Sometimes it becomes necessary to allow the user to log on to specific computers or just one. In some cases, this improves the security level of the organization.
If you are interested in how to allow only certain users in a domain to log on to a computer, you can read about this in my guide «Allow Only Certain Users in the Domain to Log On to the Computer».
We will consider the case when you already have two servers with the Windows Server 2012 R2 operating system installed on them. In addition, the Active Directory Domain Services role must be installed on one of the servers.
You can read more about how to install Windows Server 2012 R2 in my guide «Installing Windows Server 2012 R2». You can learn how to install Active Directory Domain Services on Windows Server 2012 R2 by reading «Installing Active Directory Domain Services on Windows Server 2012 R2».
Go into the system under the Administrator account and go to the “Start” menu.
In the “Start” menu, click on the “Administrative Tools” button.
Next, select “Active Directory Users and Computers”.
Go to the “Users” container, find the user account that needs to be allowed to log on only to a specific computer, and right-click on it.
Next, select “Properties”.
Next, go to the “Account” tab and select “Log On To”.
In this guide, we will only allow the user to log on to the vmikhalev-dt computer.
Specify the name of the computer on which you want to allow access to the user, and click on the “Add” button.
Click on the “OK” button.
Press the “OK” button again.
Now the user can only log on to the specified computer.