Announcement

Collapse
No announcement yet.

Restirct user account

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Restirct user account

    Hi Team,

    How do we restrict a domain user account logging to any of the system in the domain?

    Thanks,
    PSVN

  • #2
    Re: Restirct user account

    Hi,

    Can you be a bit more specific? What sort of restrictions are you referring to.
    Restrict their User rights once they logon to the workstation?
    Restrict the workstations they are allowed to log on or make sure they don't log on at all?

    If it is the last one just Disable their AD account.
    Caesar's cipher - 3

    ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

    SFX JNRS FC U6 MNGR

    Comment


    • #3
      Re: Restirct user account

      Hi PSVM,
      We can restrict the user by Log On to Option in User Account property in AD.
      In the Log On to we can specify the Particular Computer or We can block from logging into any computer in the Domian by specifying "All computers" in the Log On to Option.

      Please welcome for Any other options.

      Thanks

      Comment


      • #4
        Re: Restirct user account

        HI All,

        The scenario is to use the domain account only for applications that needs local admin rights.however all the users are provided with the normal account without admin access to there system.

        Each user have a seperate domain account which has admin access to there local system which will be used for there applications.

        Now we want the account that has admin rights to the local systems should not be used for logging on to any system in the domain.

        Thanks
        PSVN

        Comment


        • #5
          Re: Restirct user account

          Hi,

          I am not exactly sure about your setup and why you have to use separate local and domain user accounts but in any case, you can achieve what you want by using Group policy.

          First of all make sure you add all those domain user accounts in question to a security group if you haven't already done so.
          Then configure the following GPO setting:

          Computer Configuration - Windows Settings - Security Settings - User Right assignments and enable Deny Logon locally by adding the security group
          you may consider other settings in there depending on how the application uses these accounts and other circumstances.

          Then link the GPO to a OU that contains the computer accounts you dont want them to log on to or at the domain level if you want it applying to all computers.

          Ta
          Last edited by L4ndy; 11th June 2009, 08:43.
          Caesar's cipher - 3

          ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

          SFX JNRS FC U6 MNGR

          Comment


          • #6
            Re: Restirct user account

            Hi L4ndy,

            Sorry for the delay!!

            Thank you very much for the reply.


            Both the accounts we are using are domain accounts.One account (admin account)will be having local admin access to their system and other will be used for normal tasks with the system.

            We want this admin account to be used only for application using RUNAS option and we do not want user to use this account for system login,surf internet,install any third party tool and etc.


            Thanks,
            PSVN

            Comment

            Working...
            X