Share via

How to block other users (same domain users) login my system, I want to do this setting in my system locally

Ramesh Gokamalla 20 Reputation points
2025-11-10T21:16:45.35+00:00

Hello,

Today, I encountered a situation where my system's performance was significantly degraded due to a full C drive. Although this system is exclusively assigned to me, I do not store any personal data on the C drive. Upon reviewing the C drive, I discovered over 15 previous user logins. My objective is to remove all data associated with these other logins, including their system files and entire user profiles. Furthermore, I wish to restrict or block all other users from logging into my system, allowing only my login. I intend to implement these changes locally on my system, as I do not possess Active Directory access.

Moved from: Community Center | Discuss the Q&A site | Get started on Q&A

Windows for business | Windows Client for IT Pros | User experience | Other
0 comments
Answer accepted by question author
  1. VPHAN 11,040 Reputation points Independent Advisor
    2025-11-17T12:04:53.8933333+00:00

    Hm, it's a little tricky here, because you can't exclude your account from the deny policy if it is a member of the group "APSLAPSL_All_Users". Adding that group to "Deny logon locally" will block all members, including yourself. Instead, configure the "Allow logon locally" policy to permit only your account. Open Local Group Policy Editor, navigate to Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment, and modify "Allow logon locally". Remove any existing entries and add your specific user account. This ensures only you can log on locally, regardless of domain group memberships.

    1 person found this answer helpful.

5 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Q&A Assist
    2025-11-10T21:17:20.0133333+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    To block other users from logging into your system locally, you can use the following methods:

    Method 1: Use Local Group Policy Editor

    1. Press Win + R to open the Run dialog.
    2. Type gpedit.msc and press Enter to open the Local Group Policy Editor.
    3. Navigate to Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment.
    4. Find the policy named Deny logon locally.
    5. Double-click it and select Define these policy settings.
    6. Click Add User or Group, and add the users or groups you want to deny access to.
    7. Apply the changes and close the editor.

    Method 2: Remove Users from Local Groups

    1. Right-click on This PC or My Computer and select Manage.
    2. Expand Local Users and Groups > Groups.
    3. Double-click on the Users group.
    4. Remove any users you do not want to have access to the system.
    5. Add your user account to ensure you have access.

    Method 3: Disable User Accounts

    If there are specific user accounts you want to disable:

    1. Open Computer Management.
    2. Navigate to Local Users and Groups > Users.
    3. Right-click on the user account you want to disable and select Properties.
    4. Check the box for Account is disabled.
    5. Click OK to apply the changes.

    These methods will help you restrict access to your system, ensuring that only your login can be used to access it.

    References:

    0 comments
  2. VPHAN 11,040 Reputation points Independent Advisor
    2025-11-11T02:05:39.09+00:00

    Hi Ramesh Gokamalla,

    It seems to me that the root of the performance issue is the accumulation of data tied to those 15 legacy profiles. Each profile carries cached files, registry entries, and system data that consume space even if you don’t actively use them. In the case the most effective way is twofold:

    Profile cleanup – Removing those unused profiles will immediately free up disk space and reduce background clutter. This is a safe operation when performed through Windows’ built‑in profile management, and it won’t affect your own account.

    Account restriction – Once the profiles are gone, the accounts themselves should either be disabled or deleted. This ensures that no one else can log in locally. Since you don’t have Active Directory access, this will be handled entirely at the local machine level.

    After these changes, your system will recognize only your login as valid. For added peace of mind, I recommend keeping a single administrator account (with a strong password) as a fallback, but otherwise locking down all other accounts.

    Finally, once the access issue is resolved, you may want to run a system cleanup to clear residual update files and temporary data. This will give you back additional space and help stabilize performance.

    I hope you find this piece of advice useful to some extent. If you're able to solve the issue based on that, it's appreciated to accept the answer as a way to share your valuable experience with the community. Have a good day!

    Vivian

  3. VPHAN 11,040 Reputation points Independent Advisor
    2025-11-11T19:15:41.45+00:00

    Hi Ramesh Gokamalla,

    Have you found the answer useful? If everything is okay, it's really appreciated of you to share your experience with the issue by accepting the answer. Happy to help!

    Vivian

    0 comments
  4. VPHAN 11,040 Reputation points Independent Advisor
    2025-11-17T10:38:49.83+00:00

    Good morning Ramesh Gokamalla,

    On a domain-joined system, domain users can still log in because authentication is handled by the domain controller, not local account management alone. With local administrator access, you can override this by configuring the local security policy to explicitly deny logon rights to domain users. Open the Local Group Policy Editor and navigate to the "Deny logon locally" policy under Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment. Add the domain users or groups you want to block, ensuring your account is excluded from this list. This policy will take precedence for local logons, preventing specified domain users from accessing your system.

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.