Hi Everyone,
I am the Administrator of a Windows Server (2008 R2) Domain. Recently I was presented with the challenge of limiting access to only one specific user account on one specific client computer (Windows 7 x64). This was to ensure that only one staff member could log onto the one specific workstation.
In order to perform this task I followed option B, How to restrict use of a computer to one domain user only, and removed the "NT Authority\Authenticated Users" object.
Whilst this has limited access to the workstation, it seems that the logon account which had previously been given Administrator privileges can no longer act as the Administrator. In fact the Domain Administrator account can't act as the computer administrator either!!!
For example if I now logon as the Administrator or the User and try to change the computer name, both the "Network ID", and the "Change" buttons are greyed out, indicating that I can't make any changes.
Both the Administrator account, and the Users account have been manually added to both the Administrators Group and the Users Group.
I now want to re-add the "NT Authority\Authenticated Users" object. Is this possible? If so any suggestions on how to achieve this will be greatly appreciated.
Kind Regards,
Davo
I am the Administrator of a Windows Server (2008 R2) Domain. Recently I was presented with the challenge of limiting access to only one specific user account on one specific client computer (Windows 7 x64). This was to ensure that only one staff member could log onto the one specific workstation.
In order to perform this task I followed option B, How to restrict use of a computer to one domain user only, and removed the "NT Authority\Authenticated Users" object.
Whilst this has limited access to the workstation, it seems that the logon account which had previously been given Administrator privileges can no longer act as the Administrator. In fact the Domain Administrator account can't act as the computer administrator either!!!
For example if I now logon as the Administrator or the User and try to change the computer name, both the "Network ID", and the "Change" buttons are greyed out, indicating that I can't make any changes.
Both the Administrator account, and the Users account have been manually added to both the Administrators Group and the Users Group.
I now want to re-add the "NT Authority\Authenticated Users" object. Is this possible? If so any suggestions on how to achieve this will be greatly appreciated.
Kind Regards,
Davo