Re: Restrict Logon Location

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 11/17/04


Date: Wed, 17 Nov 2004 13:05:50 -0600

In Windows you can restrict the user logon to specific domain computers in
their AD user account properties by computer name. Also the user rights for
logon locally and deny logon locally can be used to restrict users for
console logon. That can be done in a number of ways either via local,
domain, or Organizational Unit level. User rights are located in security
policy under security settings/local policies/user rights. Note that deny
will always override a users allow for a user right and that administrators
are also members of the everyone and user groups. Local policy can also be
overridden by domain/OU policy. Group/security policy is applied in this
order in Windows 2000/2003 with the last applied defined policy being
applied -- local>site>domain>Organizational Unit. -- Steve

"Karine Rivet" <krivet(nospam)@viad.com> wrote in message
news:eIM3N4MzEHA.1260@TK2MSFTNGP12.phx.gbl...
> In Netware we have the ability to restrict where a Netware account can
> logon based on MAC address, i.e. we can restrict the account to only
> being able to logon from one specific MAC address. Is this doable in AD
> and if so how?
>
>