Network Administration: Windows User Account Access Properties

You can establish user account controls which limit logon hours and accessible computers via the Windows Server 2008 Active Directory tool. Choose Start→Administrative Tools→Active Directory Users and Computers, right-click the user and choose Properties. This brings up the User Properties dialog box.

Specifying logon hours

You can restrict the hours during which the user is allowed to log on to the system by clicking the Logon Hours button from the Account tab of the User Properties dialog box. This brings up the Logon Hours for [User] dialog box.


Initially, the Logon Hours dialog box is set to allow the user to log on at any time of day or night. To change the hours that you want the user to have access to, click a day and time or a range of days and times and choose either Logon Permitted or Logon Denied.

Restricting access to certain computers

Normally, a user can use his or her user account to log on to any computer that’s a part of the user’s domain. However, you can restrict a user to certain computers by clicking the Log On To button on the Account tab of the User Properties dialog box. This brings up the Logon Workstations dialog box.


To restrict the user to certain computers, select the radio button labeled The Following Computers. Then, for each computer you want to allow the user to log on from, type the computer’s name in the text box and click Add.

If you make a mistake, you can select the incorrect computer name and either click Edit to change the name or click Remove to delete the name.