Hello al,
In order to limit access to given workstation open ‘Active Directory Users and Computers’ administrative tool on your Windows Server. You can operate on user groups or individual user accounts:
Limiting access for individual account:
Right click on user account and go to ‘Properties’. Choose ‘Account’ tab. Click on ‘Log On To’ button. Check ‘The following computers’ field and enter the list of workstations you want user to be able to log on.
Limiting access for group of users:
In ‘Active Directory Users and Computers’ right click on domain name, go to ‘New’ and choose ‘Group’. Provide name for new group.
Right click on newly created group, go to ‘Properties’. Choose ‘Members’ tab, click on ‘Add’ and enter the names of accounts you want to manage.
Now you need to go to your workstation and open ‘Local Group Policy Editor’. Click on ‘Computer Configuration’ -> ‘Windows Settings’ -> ‘Security Settings’ -> ‘Local Policies’ -> ‘User Right Assignment’. This should open list of security settings.
If you want to prevent access to this workstation you need to add the group you just created to ‘Deny access to this computer from network’ and ‘Deny log on locally’ security settings. You can also set ‘Access this computer from network’ and ‘Allow log on locally’ to limit access to workstation
only to some user accounts and groups. Remember that ‘Deny …’ settings have priority in case of contradicting rules.