How To Use Active Directory’s Account Log On To Feature to Limit RDP Computer Access

I had never used Active Directory’s Account Log On To feature to limit computer access for certain user accounts before. So when I had to do it the other day, I thought I could simply put the computer name in the Log On To computer list for that user account and call it a day.

Guess I was wrong. I kept getting this error message telling me that either the credential is wrong or something like below.

So, what went wrong?

The problem is more in the wording. While it says “Log On To” and “Logon Workstations”, it actually means the computers at both ends of the connection. For example, if User-A needs to RDP into Computer-B from Computer-A, both Computer-A’s and Computer-B’s names need to be in the Logon Workstations list. Missing either one will result in not being able to remote in.
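
One way to script the fix described above, as an added example that is not part of the original post: it uses the ActiveDirectory module's `Get-ADUser` and `Set-ADUser` to make sure both ends of the RDP session are in the user's Logon Workstations list. The function name `Add-RdpLogonWorkstation` and the `User-A`, `Computer-A`, `Computer-B` values are illustrative assumptions.

```powershell
# Added example, not from the original post. Requires the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

function Add-RdpLogonWorkstation {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $Identity,        # user account to restrict
        [Parameter(Mandatory)] [string] $SourceComputer,  # machine the user RDPs from
        [Parameter(Mandatory)] [string] $TargetComputer   # machine the user RDPs into
    )

    $user = Get-ADUser -Identity $Identity -Properties LogonWorkstations

    # LogonWorkstations is one comma-separated string; empty means "all computers".
    $current = @()
    if ($user.LogonWorkstations) {
        $current = @($user.LogonWorkstations -split ',' |
            ForEach-Object { $_.Trim() } | Where-Object { $_ })
    }
    if ($current.Count -eq 0) {
        Write-Warning "$Identity has no Log On To restriction yet; setting one limits the account to the listed computers only."
    }

    # Both ends must be listed; -notcontains compares case-insensitively.
    $missing = @(@($SourceComputer, $TargetComputer) |
        Where-Object { $current -notcontains $_ } | Select-Object -Unique)

    if ($missing.Count -eq 0) {
        Write-Verbose "Both $SourceComputer and $TargetComputer are already listed."
        return $current
    }

    $updated = @($current) + @($missing)
    if ($PSCmdlet.ShouldProcess($Identity, "Add $($missing -join ', ') to Logon Workstations")) {
        Set-ADUser -Identity $user -LogonWorkstations ($updated -join ',')
    }
    return $updated
}

# Preview the change first, then apply it (sample names, constructed for illustration).
Add-RdpLogonWorkstation -Identity 'User-A' -SourceComputer 'Computer-A' -TargetComputer 'Computer-B' -WhatIf
Add-RdpLogonWorkstation -Identity 'User-A' -SourceComputer 'Computer-A' -TargetComputer 'Computer-B'
```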

