Share via

Restrict Access

Roger Roger 6,286 Reputation points
2024-10-07T06:11:55.14+00:00

Hi All,

I have a domain admin account that I want to restrict. This account should only be used to log in to domain controllers and should not be allowed to log in to member servers. The requirement is that this domain admin account should be limited to logging in to domain controllers only, not to any member servers. please guide me.

Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,766 questions
Windows Server 2016
Windows Server 2016
A Microsoft server operating system that supports enterprise-level management updated to data storage.
2,512 questions
Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
13,128 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,573 questions
Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,841 questions
0 comments
Accepted answer
  1. Yanhong Liu 10,390 Reputation points Microsoft Vendor
    2024-10-08T07:31:42.4933333+00:00

    Hello,

    As far as I know, to restrict the "Login" function of a domain account so that it can only log in to certain computers and not others, you can use "User Properties" - "Account" - "Log on to" in Active Directory Users and Computers (ADUC) to achieve this. However, this method is only valid for ordinary domain users. If it is a domain administrator account, this operation cannot be achieved.

    Best Regards,

    Yanhong Liu

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    0 comments

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Olaf Helper 44,816 Reputation points
    2024-10-07T06:39:33.06+00:00

    You can not restrict an Admin account, that's not possible.

    0 comments
  2. Yanhong Liu 10,390 Reputation points Microsoft Vendor
    2024-10-08T07:30:56.6166667+00:00

    Hello,

    As far as I know, to restrict the "Login" function of a domain account so that it can only log in to certain computers and not others, you can use "User Properties" - "Account" - "Log on to" in Active Directory Users and Computers (ADUC) to achieve this. However, this method is only valid for ordinary domain users. If it is a domain administrator account, this operation cannot be achieved.

    Best Regards,

    Yanhong Liu

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.