Restricting Computer Access
By default, users can log on to any computer in the domain except for domain controllers. This can be modified for individual accounts by clicking the Log On To button in the user Properties screen. If you enable this feature and add computers, users will be able to log on only to the added computers and no others.
It is also possible to prevent users from logging on to member servers (nondomain controllers) in the domain. Group Policy objects (GPOs) can be created and applied to ensure that only specific groups (such as IT administrators) are authorized to log on to servers. This provides an added layer of security for the servers.
In this tutorial:
- Managing Windows 7 in a Domain
- The Domain
- What is Wrong with Workgroups
- The Domain Concept
- Active Directory
- Domain Security
- Joining a Domain
- Windows 7 Offline Domain Join
- Browsing the Domain
- Searching the Domain
- Custom Searches
- Assigning Permissions to Domain Members
- The Double-Thick Security Trick
- Creating a Test Bed
- Creating a Domain
- Installing Windows Server 2008 on vPC
- Configuring a Windows Server 2008 Server
- Promoting a Server to a Domain Controller
- Joining Windows 7 to a Domain
- Authentication vs Authorization
- Authentication
- Authorization
- Built-in Groups
- Organizing Users with Groups
- Group Scope and Group Type
- Creating Users and Groups in a Domain
- Using HomeGroup with a Domain-Based Computer
- Identifying and Resolving Logon Issues
- Hardware vs. Network
- Using Cached Credentials
- Password Expiration
- Determining Logon Context
- Logon Hours Compliance
- Restricting Computer Access
- Time Synchronization
- Understanding User Profiles
- Standard Profiles
- Roaming Profiles
- Implementing Roaming Profiles
- Mandatory Profiles
- Super-Mandatory User Profiles
- Modifying the Default User Profile
- Configuring Settings with Scripts
- Anti-Malware Software
- Microsoft Windows 7 Defender
- Third-Party Anti-malware Software