Re: Restrict Logon Location

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 11/17/04


Date: Wed, 17 Nov 2004 13:05:50 -0600

In Windows you can restrict the user logon to specific domain computers in
their AD user account properties by computer name. Also the user rights for
logon locally and deny logon locally can be used to restrict users for
console logon. That can be done in a number of ways either via local,
domain, or Organizational Unit level. User rights are located in security
policy under security settings/local policies/user rights. Note that deny
will always override a users allow for a user right and that administrators
are also members of the everyone and user groups. Local policy can also be
overridden by domain/OU policy. Group/security policy is applied in this
order in Windows 2000/2003 with the last applied defined policy being
applied -- local>site>domain>Organizational Unit. -- Steve

"Karine Rivet" <krivet(nospam)@viad.com> wrote in message
news:eIM3N4MzEHA.1260@TK2MSFTNGP12.phx.gbl...
> In Netware we have the ability to restrict where a Netware account can
> logon based on MAC address, i.e. we can restrict the account to only
> being able to logon from one specific MAC address. Is this doable in AD
> and if so how?
>
>



Relevant Pages

  • Re: Restrict Logon Location
    ... In Windows you can restrict the user logon to specific domain computers in ... User rights are located in security ... policy under security settings/local policies/user rights. ...
    (microsoft.public.windows.server.active_directory)
  • Re: How can I prevent users from logging onto a specific machine
    ... configure the user rights on that machine to not allow either logon locally ... Derek Melber ... > The machines I want to restrict are XP prof. ... > limit who can logon to a couple of users. ...
    (microsoft.public.windows.server.security)
  • Re: Wish list to MS: "Logon to" feature doesnt allow wildcard masks ?
    ... You can restrict what computers a group of users can logon to using Group ... Policy and the "Allow Logon Locally" right. ... > We have some 'shared' accounts used by multiple users. ...
    (microsoft.public.win2000.security)
  • profile not cached
    ... should be able to logon to the domain even if they don't ... have an network connection. ... There is not a policy in ... place that would restrict this either. ...
    (microsoft.public.windowsxp.network_web)
  • RE: Cant set Local Security policies. They fail to save
    ... predefined Security Template on SBS 2003 to restore security groups ... run "gpupdate.exe /force" under command prompt to force the policy ... reboot the Server to test. ... and then logon to client computer to test if user can save system logs. ...
    (microsoft.public.windows.server.sbs)