# Restricted Active Directory User

## Problem

When you add a user in Endpoint Central and set the user to authenticate via Active Directory, you get the following error:

> "The user can be authenticated only through the machines: XXX"

## Cause

To authenticate a user via Windows Active Directory, the user must be allowed to log on to the domain from the computer where Endpoint Central Server is installed. Windows Active Directory lets administrators restrict a user's logon computers and logon times. If a user has been restricted to log on to the domain only from specific computers, you will get this error.

## Resolution

Allow this user to log on to the domain from the computer where Endpoint Central Server is installed. Follow the steps below on the computer where the Domain Controller is installed:

1. Select *Start → Programs → Administrative Tools → Active Directory Users and Computers*. This will show the list of users available in Active Directory.
2. Right-click the user that you are trying to add in Endpoint Central and click **Properties**.
3. Select the **Account** tab and click the **Log On To** button.
4. This will list the computers from which the user has access to log in to the domain. Specify the name of the computer where Endpoint Central Server is installed and click **Add**.
5. Click **OK** to close the Logon Workstations dialog.
6. Click **OK** to close the user properties dialog.
7. Close the Active Directory Users and Computers window.

**Applies to:** User Management, Domain Authentication, AD Authentication

**Keywords:** User Management, Domain Authentication, Active Directory, Windows AD
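The Log On To change from the Resolution steps can also be made from PowerShell. The script below is an added example, not part of the original article or of Endpoint Central; it assumes the ActiveDirectory module is installed, and the account name `jdoe` and computer name `EC-SERVER01` are placeholders. It appends the server to the user's existing list instead of clearing the restriction, and leaves an unrestricted account untouched.

```powershell
# Requires the ActiveDirectory module (RSAT) and rights to modify the user object.
Import-Module ActiveDirectory

# Placeholder values (assumptions): replace with your own names.
$UserName   = 'jdoe'          # sAMAccountName of the user being added to Endpoint Central
$ServerName = 'EC-SERVER01'   # computer where Endpoint Central Server is installed

$user = Get-ADUser -Identity $UserName -Properties LogonWorkstations

# LogonWorkstations is a comma-separated list of computer names.
# An empty value means the account has no workstation restriction.
$current = @()
if ($user.LogonWorkstations) {
    $current = @($user.LogonWorkstations -split ',' |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ })
}

if ($current.Count -eq 0) {
    # Writing a value here would create a restriction that did not exist before.
    Write-Output "$UserName has no logon workstation restriction; nothing to change."
}
elseif ($current -contains $ServerName) {
    # -contains is case-insensitive, which matches how computer names are compared.
    Write-Output "$ServerName is already in the Log On To list for $UserName."
}
else {
    # Keep every existing entry and add only the Endpoint Central server.
    $updated = ($current + $ServerName) -join ','
    Set-ADUser -Identity $user -LogonWorkstations $updated

    # Read the attribute back to confirm what is now stored.
    $check = Get-ADUser -Identity $UserName -Properties LogonWorkstations
    Write-Output "Log On To list for ${UserName}: $($check.LogonWorkstations)"
}
```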