No announcement yet.

Restricting a group of users by a range if IPs

  • Filter
  • Time
  • Show
Clear All
new posts

  • Restricting a group of users by a range if IPs


    I'm running win2003 server and XP SP2 boxes. I work in a small school and want to restrict access to one DC (there are three trusted domains at this school) for students who use the computer lab by IP address.

    Since the domains are trusted they can see the DC for the computer lab when they are working in the library. We'll be posting online tests soon so I don't want them accessing this server from any computers other than those in the computer lab.

    Research has soon that I can restrict access by user based on time. I'm still searching but I can't find any way to restrict a group by IP range.

    Any help would be appreciated.



  • #2
    Hello softtrain,

    1. Thanks for choosing us as your solution provider.

    2. IP Addressing solution is not needed in this case.

    3. Solution: I suppose that you already implemented groups on these domains. All you need to do is to set NTFS permissions on that particular share resource. Only include groups that you want them to be able to access that resource. Being a domain user doesn't mean that users have access to "everything" .

    4. I suppose the "computer lab" that you have mentioned is the "testing lab"; and you only want student test takers access the resource on exam server ONLY and no browsing to other network resouce for "solutions" while taking test

    This solution can be applied to users or computer accounts but I recommend you apply it to users since restricting computer accounts is harsher.

    Here is our scenario:

    Server01 has exams on it (MCSE exams I supposed )

    TestTaker 1,2,3....

    Create a domain group called ExamGRP and add testtaker 1,2,3 user to it.

    Remove testtaker 1,2,3 user accounts from "Domain Users" group.

    Create a local group on Server01 called Server01ExamGRP.

    Make ExamGRP group member of Server01ExamGRP.

    Use Server01ExamGRP group to assign NTFS permission on Server. That's it.

    4. Please excuse my curiosity of why you would need three AD domains in a small school?

    5. For your reference, please read this

    6. Please let us know how it goes for you.