Tip: Remove Accounts and Deny Local Access to Workstations on Windows 7

Domain administrators are automatically granted access to local resources on work¬stations. Other users aren’t granted access to local resources on workstations other than to the computers to which they are permitted to log on. As workstations are moved around an organization, you might find that previous owners of a worksta¬tion still have access to its resources or that users who were granted temporary access to a workstation were never removed from the access list.

Follow Our Daily Tips

RSS | Twitter | Blog | Facebook

Tell Us Your Tips

Share your tips and tweaks.

In a domain, you can control the workstations to which users can log on by using the account properties in Active Directory Users And Computers. Double-click the account to display the Properties dialog box. On the Account tab, click the Log On To button.

In a homegroup or workgroup, you can remove a user’s local account and effec¬tively deny logon by completing these steps:
1. Log on as a user with local administrator privileges. In Control Panel, under the User Accounts heading, click Add Or Remove User Accounts. This displays the Manage Accounts page.
2. Click the account you want to remove.
3. Click Delete the Account.
4. Before deleting the account, you have the opportunity save the contents of the user’s desktop and documents folders to a folder on the current user’s desktop. To save the user’s desktop and documents, click Keep Files.To delete the files, click Delete Files.
5. Confirm the account deletion by clicking Delete Account.

Keep in mind that in a domain, unless further restrictions are in place with regard to logging on to a workstation, a user might still be able to gain access to the workstation by logging on with a domain account.

From the Microsoft Press book Windows 7 Administrator’s Pocket Consultant by William R. Staneck.

Looking for More Tips?

For more tips on Windows 7 and other Microsoft technologies, visit the TechNet Magazine Tips library.