Restricting Logon Account

[Guest]

We have a Windows 2000\2003 domain with Win2k Pro clients. In our domain we
have POS machines that we only want the POS user to log into. This way
everything is restricted and they can not cause any problems. If the user
logs in as themself then they can access all the programs and the machine is
compromised. We try to educate the people not to do this. Besides
autologon, does Microsoft have a solution for this highly demanded policy?
Thank you

 

[Steve Parry [MVP]]

We have a Windows 2000\2003 domain with Win2k Pro clients. In our domain
we have POS machines that we only want the POS user to log into. This way
everything is restricted and they can not cause any problems. If the user
logs in as themself then they can access all the programs and the machine
is compromised. We try to educate the people not to do this. Besides
autologon, does Microsoft have a solution for this highly demanded policy?
Thank you

Try removing "Domain Users" from the machines allowed Users and put in the
POS User account only ?

 

[Guest]

Thank you. I could not find allowed users, but I did find this article
tested and it works. I will create groups for each location and add the back
office people to them.
It is misleading because it is the Deny Logon Locally. It works for domain
users though.
http://www.jsifaq.com/subm/tip6100/rh6131.htm