Announcement

Collapse
No announcement yet.

Restrict certain users from logging on to certain pc's?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Restrict certain users from logging on to certain pc's?

    Is it possible?

    I have around 100 machines joined to our Server 2003 domain. Is it possible to set something so that only certain users can login to their own machine?

    Thanks

  • #2
    Re: Restrict certain users from logging on to certain pc's?

    You can set a list of "allowed" computers in user properties in ADUC
    IIRC it is limited to a fairly small number (used to be 10 in Server 2000 but I have a vague memory of it increasing to 64)

    Note this will require considerable management -- ask yourself if it is really needed?
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: Restrict certain users from logging on to certain pc's?

      Originally posted by Ossian View Post
      You can set a list of "allowed" computers in user properties in ADUC
      IIRC it is limited to a fairly small number (used to be 10 in Server 2000 but I have a vague memory of it increasing to 64)

      Note this will require considerable management -- ask yourself if it is really needed?
      Thanks Ossian! Must have overlooked that tab in the past.

      It does sound like it would cause problems but it will be good to restrict certain users who are known to hop from machine to machine who are well known for getting malware etc.

      Thanks again

      Comment


      • #4
        Re: Restrict certain users from logging on to certain pc's?

        Its on the "Account" tab -- button for "Log On To..."
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment


        • #5
          Re: Restrict certain users from logging on to certain pc's?

          Originally posted by Ossian View Post
          Its on the "Account" tab -- button for "Log On To..."
          Yes I know, I found it from your first post.

          Thanks again

          Comment


          • #6
            Re: Restrict certain users from logging on to certain pc's?

            Out of interest, now that your question has been answered, which security software are you using?
            A recent poll suggests that 6 out of 7 dwarfs are not happy

            Comment


            • #7
              Re: Restrict certain users from logging on to certain pc's?

              If you need a more robust solution then you can use group policy.

              Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment

              Use either Allow log on locally (implicit deny) or Deny log on locally (explicit deny).

              To use the GPO settings you'll need to split the computers into various OU's so you can apply different policies to different workstations.

              Just throwing it out there.
              Regards,
              Jeremy

              Network Consultant/Engineer
              Baltimore - Washington area and beyond
              www.gma-cpa.com

              Comment


              • #8
                Re: Restrict certain users from logging on to certain pc's?

                How easy would that be to restrict a user to one machine only (and a different one per user)?
                Tom Jones
                MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                PhD, MSc, FIAP, MIITT
                IT Trainer / Consultant
                Ossian Ltd
                Scotland

                ** Remember to give credit where credit is due and leave reputation points where appropriate **

                Comment


                • #9
                  Re: Restrict certain users from logging on to certain pc's?

                  Whoops! Missed that it was only to their own machines. I thought it was a group. Thanks Tom.
                  Regards,
                  Jeremy

                  Network Consultant/Engineer
                  Baltimore - Washington area and beyond
                  www.gma-cpa.com

                  Comment

                  Working...
                  X