Tim Jackson said:
Are you in a domain?
If yes then you could;
1) Create a domain group whose members are allowed to logon to these 3
workstations
2) On each of the 3 workstations open the Local Security Policy MMC snapin,
open the "Log on locally" entry under "Local Policies", "User Rights
Assignment", add the group created earlier and then deselect the "Users"
group, click OK to save changes and reboot workstations.
This will limit logons to these workstations to Administrators, Power Users,
Backup Operators and members of the group created earlier. You could
further restrict the groups allowed access but wouldn't recommend removing
Administrators.
Yes, it is a domain, but what you suggested did not work. None of the domain
users have local accounts on these machines to start with, and when logging
onto a domain, the local policy settings are overridden by the domain policy
settings anyways. However, I try it anyways..
When I went to the "log on locally" portion of the local security snap-in, I
couldn't get through the process as described. At the time, I was logged on
as a domain admin. When I first tried to add the group, it offered me the
choice of the local machine or the 'domain.local' so I selected the domain
from the pull down. It then came back and said it could not find the
server/domain, even though I could browse the server at the time. I closed
out of it and then went back in and this time the only choice offered was the
local machine, and of course the group does not exist on the local machine.
Since the group did not exist on the local machine, it wouldn't let me add
it, so I created it locally and after creating my user locally (it insisted
on adding a user) I added it to the logon permit list and unchecked all
except administrator. At the end of all that, it still lets any domain user
logon to the domain from that machine.