Solved

Control which users can login to a machine w/Active Directory

Posted on 2004-09-18
1
155 Views
Last Modified: 2012-05-05
I'm running 2003 server with Active Directory
How can I control which users can login to specific machines.
Right now even though everyone has their own account, Everyone can log into every computer and get into everyone elses stuff using windows explorer and its causing big problems with people snooping around.

I need to basically assign users to computers and block everyone else who shouldn't be allowed to use them from being able to log into them.

Please describe step by step how to assign certain computers to a user / block all but certain users from a machine using Active Directory.

Thanks!
0
Comment
Question by:Matrix1000
1 Comment
 
LVL 83

Accepted Solution

by:
oBdA earned 500 total points
ID: 12093198
In ADUC, in the user's profile, you can specify which machine(s) the user is allowed to logon.
But that's only treating the symptoms, not the cause.
If people are able to "snoop around", then your permissions are set incorrectly. With correct permissions set, people can logon to any machine without seeing anybody else's files. Assign home drives to your users, let them store their data there, which gives you the possibility to backup that data as well. Set proper NTFS permissions on the home drives, and your users could even (but shouldn't) be local administrators on the machine, without having access to other people's data.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …

778 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question