Forum Discussion
oryxway
Sep 28, 2022 Iron Contributor
Allow only user account that is assigned to the device
How to restrict user account that has been assigned to the device in Intune? I have set up the configuration profile and have entered everything, but I am not sure what would go under OMA-URI Value se...
Moe_Kinani
Sep 30, 2022 Bronze Contributor
Hi Oryxway,
Is this what you are looking for?
https://www.inthecloud247.com/restrict-which-users-can-logon-into-a-windows-10-device-with-microsoft-intune/
Moe
- oryxway390 Sep 30, 2022 Brass Contributor
Moe_Kinani Yes, that is the one. But, I am not sure about that string that is there. What does that string do there?
We already have an account as a local admin account, but we just need to make sure that only the user assigned to the device should be able to log in. In order to achieve that, what should the string be?
- Moe_Kinani Oct 03, 2022 Bronze Contributor
This policy should do it for you. The OMI is basically allowing AllowLocalLogon by using the local Administrators group + the Azure AD user you want to allow. So the value would look like below:
Administrators AzureAD\email address removed for privacy reasons
Hope this helps!
Moe
- oryxway390 Oct 12, 2022 Brass Contributor
Administrators AzureAD - ? We cannot be assigning this to each user account, right? I am confused, sorry if I am too dumb here.
We are allowing only those users assigned to the device to log on to the laptop or desktop.
For example, I am John Doe and have been assigned the device DESKTOP-XY123,
and another user, Jill Doe, has been assigned the device LAPTOP-ABC321.
Now, we want only the users assigned to their device. So, if John Doe tries to log in to LAPTOP-ABC321, he should not be able to.
To achieve this, how can we make sure it is common for everyone based on their name (example: like a string value, how we would use %USER%)? Is there something like that so I can put that as the value?
Administrators AzureAD\email address removed for privacy reasons - This is going to be specific for that user, but what about in general?
Moreover, we do not want the user who is logging into the computer as an admin; we have a separate admin account.
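An added example, not part of any post above and not taken from the linked article: it builds the kind of value Moe describes (local Administrators plus one Azure AD user) for the UserRights CSP setting AllowLocalLogOn, then lists which accounts actually hold the local logon right on a device so the result can be checked. The UPN and the function name `Get-LocalLogonPrincipal` are hypothetical placeholders.

```powershell
# Added example. The UPN below is a constructed placeholder, not from the thread.
$omaUri  = './Device/Vendor/MSFT/Policy/Config/UserRights/AllowLocalLogOn'
$allowed = @('Administrators', 'AzureAD\john.doe@contoso.example')

# The UserRights CSP separates multiple principals with the character U+F000
# (written as &#xF000; when the value is XML-encoded). Data type: String.
$sep   = [string][char]0xF000
$value = $allowed -join $sep
'{0} = {1}' -f $omaUri, ($value -replace $sep, '&#xF000;')   # printable form

function Get-LocalLogonPrincipal {
    # Export the effective user rights and return every principal that holds
    # SeInteractiveLogonRight ("Allow log on locally"). Requires elevation.
    $inf = Join-Path $env:TEMP 'user_rights.inf'
    secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null
    $line = Get-Content $inf | Where-Object { $_ -match '^SeInteractiveLogonRight\s*=' }
    Remove-Item $inf -ErrorAction SilentlyContinue
    if (-not $line) { return }          # right not defined in the export

    foreach ($entry in ($line -split '=', 2)[1].Split(',')) {
        $entry = $entry.Trim()
        if (-not $entry.StartsWith('*')) {
            # Entry is already a plain account name.
            [pscustomobject]@{ Sid = $null; Name = $entry }
            continue
        }
        $sid = [System.Security.Principal.SecurityIdentifier]::new($entry.TrimStart('*'))
        try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = '(unresolved)' }   # SID cannot be resolved on this device
        [pscustomobject]@{ Sid = $sid.Value; Name = $name }
    }
}

# Run on the managed device after the profile has synced. Anything listed beyond
# the Administrators group and the assigned user can still sign in locally.
Get-LocalLogonPrincipal | Format-Table -AutoSize
```

Azure AD accounts may resolve to a name that differs from the UPN, so compare entries by SID when confirming that only the intended user is present.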