Re: Restricting User Access to machines in the domain...

From: Conrad (cband@epsnorthwest.com)
Date: 07/11/02 

From: "Conrad" <cband@epsnorthwest.com>
Date: Thu, 11 Jul 2002 11:35:03 -0700

If you look at the user(s) properties under AD Users and Computers and
navigate to the Account tab where there is a "Log On To..." buton that
defaults as all computers, however you are allowed to select specific
computers that the users are allowed to lon on to.

Hope this helps!

-Conrad

"jat_adsk" <t_tresj@autodesk.com> wrote in message
news:Ov2kjbQKCHA.2604@tkmsftngp11...
> Hello,
>
> I have a Windows 2000 AD domain, I'm working with a training lab of about
20
> machines. This lab is used to allow customers to test our products, but
we
> do not want them to have access to our files, source, etc. The systems in
> the lab are currently setup in a workgroup. On the domain there is a user
> account with the same username/password as on the systems in the lab. So
I
> can access the domain controllers which house certain files we would like
> the customers to get access to from time to time. However this setup also
> allows them to authenticate into any other machine in the domain, some of
> which are not as secure as the server, presenting a security risk.
Ideally
> what I would like to do is setup a group policy that allows me to specify
> the computer names which that user account is allowed to authenticate
into.
> However I have no idea by what mechanism this would be accomplished, and
> after looking around on the net I'm not sure it can be accomplished. I am
> hoping someone out there has an idea about how I might go about doing
this,
> I would ideally like to use the domain controllers as the server as it
makes
> more sense organizationally. I have however considered the option of using
> another stand-alone system as the "server" if need be, but I'd like to
> believe there is away to control this type of access via the domain.
>
> Thank you for your help,
>
> Justin
>
>

Relevant Pages

  • members of "user" group cannot access internet
    ... Problem with "user" account: unable to access any internet site; ... Computer lab; 10 PCs with identical hardware & software. ... None of the other 9 computers in the lab have this problem. ... Files can be accessed across the network, but I cannot access the internet ...
    (microsoft.public.windowsxp.configuration_manage)
  • members of "user" group cannot access internet
    ... Problem with "user" account: unable to access any internet site; ... Computer lab; 10 PCs with identical hardware & software. ... None of the other 9 computers in the lab have this problem. ... Files can be accessed across the network, but I cannot access the internet ...
    (microsoft.public.windowsxp.security_admin)
  • Re: How to locate the source of an account being locked out?
    ... > search for those events on domain controllers and domain computers to find ... > logons tracing back to the offending computer via transitive logon. ... > find the problem computers you will have to see what the cause is. ... Note that MS recommends that the account lockout ...
    (microsoft.public.win2000.security)
  • Re: Alerting - Malicious software removal tool
    ... >needed to install an application that she could not install from ... >"Administrator" account. ... You failed to analyze the root cause and correct it ... use their computers to have fun. ...
    (microsoft.public.security.virus)
  • RE: User template question
    ... Account tab). ... A new logon script was also assigned from the Profile tab. ... I'm afraid that your purpose cannot be achieved through User Template. ... Deploys software to user computers. ...
    (microsoft.public.windows.server.sbs)