Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 335
  • Last Modified:

Resticing Domain Logons in Departments

I currently have a network with two Win2K Servers, set up for to host the domain called 'network' for around 100 XP Pro Workstations.
Within the company I Have 6 Departments (Accounts, Graphics, Technical etc..) with 10-25 PC's in each. Currently all users have their own username and romain profile and can log onto any PC in the building.
Is there a way of restriciting the logons so that people in the accounts department can log onto the PC's in the Techncial Department. I have arleady tried to restrict logons in the user properites in AD Users & Computers but this is limited. I have thought about setting up multiple domains but this would incurr much cost and time and seems a large task for such a little question.

Any help would be appreciated.
0
philharle
Asked:
philharle
1 Solution
 
stevenlewisCommented:
Do you have OU's setup?
http://www.jsiinc.com/sube/tip2200/rh2214.htm
Have you checked out restricted groups
http://www.jsiinc.com/subg/tip3200/rh3251.htm
0
 
jmiller47Commented:
" I have arleady tried to restrict logons in the user properites in AD Users & Computers but this is limited."

You say this is limited. What is limited? What are trying to do that is cannot?
0
 
jmiller47Commented:
Sorry, I meant to say
"You say this is limited. What is limited? What are you trying to do that this cannot?"
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
ComplyCommented:
You setup roaming profiles, So you will have to setup a new Doamain and [Not use Roaming Profiles] One reason most Admins never use it is just your case.
0
 
philharleAuthor Commented:
The properties in AD Users and Computers limits you to entering 10 computers. In some departments I need users to have access to up to 25 computers.

Comply- Im not sure i understand what you're getting at. Why do i need to disble romaing profiles. SInce currently they are working fine.
0
 
ehestonCommented:
On each PC, go to Admin Tools, local security policy, user rights.  Edit Log on Locally to include ONLY Administrators, Domain Admins, and Accounts
Group(or whichever departmental DOMAIN group is appropriate).

This may seem like alot of work, but once all of the workstations are setup it won't be.  Once you add a user to the appropriate departmental group, they will be able to logon to any machine in their department.

There maybe a better way to do this, but this is the best I can think of off the top of my head.  It should accomplish your objective and shouldn't interfere at all with your roaming profiles.  Please test thoroughly, especially on the first couple of computers.
0
 
jmiller47Commented:
In AD you can place each computer in a new OU that represents the Department.

Then create a GPO for each department OU restricting the user right "Logon on interactively" only to the people in that department.
0
 
jmiller47Commented:
"In AD you can place each computer in a new OU that represents the Department."

Should read "represents EACH deaprtment". You should create a new OU for each department if you haven't already. Place your computer object in it's corresponding departmental OU.
0
 
philharleAuthor Commented:
--> jmiller
that sounds like the perfect solution since little admistration is required. i tried to set it up, an maybe its just me being blind burt i cant find the setting for 'logon intercativly' in the new GPO. All i can find is 'logon locally' which i assume isnt what is needed. Could you point me in the right direction please.

Thanks!!!
0
 
jmiller47Commented:
My bad. I believe "log on interactively" was an old NT4 user right. Use the Log on Locally right. That should be what you are looking for.

Set up a few workstations using this policy and test it before going all out to ensure that it is working for you properly in your situation.
0

Featured Post

Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now