Share via

How to block other users (same domain users) login my system, I want to do this setting in my system locally

Ramesh Gokamalla 20 Reputation points
2025-11-10T21:16:45.35+00:00

Hello,

Today, I encountered a situation where my system's performance was significantly degraded due to a full C drive. Although this system is exclusively assigned to me, I do not store any personal data on the C drive. Upon reviewing the C drive, I discovered over 15 previous user logins. My objective is to remove all data associated with these other logins, including their system files and entire user profiles. Furthermore, I wish to restrict or block all other users from logging into my system, allowing only my login. I intend to implement these changes locally on my system, as I do not possess Active Directory access.

Moved from: Community Center | Discuss the Q&A site | Get started on Q&A

Windows for business | Windows Client for IT Pros | User experience | Other
0 comments
Answer accepted by question author
  1. VPHAN 11,375 Reputation points Independent Advisor
    2025-11-17T12:04:53.8933333+00:00

    Hm, it's a little tricky here, because you can't exclude your account from the deny policy if it is a member of the group "APSLAPSL_All_Users". Adding that group to "Deny logon locally" will block all members, including yourself. Instead, configure the "Allow logon locally" policy to permit only your account. Open Local Group Policy Editor, navigate to Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment, and modify "Allow logon locally". Remove any existing entries and add your specific user account. This ensures only you can log on locally, regardless of domain group memberships.

    1 person found this answer helpful.

5 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. VPHAN 11,375 Reputation points Independent Advisor
    2025-11-17T11:39:02.54+00:00

    From the images, I can see that the "Name Not Found" error occurs because Organizational Units are not security principals and cannot be directly added to the "Deny logon locally" policy. You must specify individual users or groups from that OU.

    Use the Advanced button in the object selection dialog to browse Active Directory. Set the location to "apsl.com" and search for the "APSL-HYD/Users" OU. Select the specific users or groups you want to block, ensuring your own account is omitted from the list.

    If no group exists containing all users from that OU, you will need to add each user individually. The policy will only enforce against the explicitly added principals.

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.