Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 161
  • Last Modified:

Control which users can login to a machine w/Active Directory

I'm running 2003 server with Active Directory
How can I control which users can login to specific machines.
Right now even though everyone has their own account, Everyone can log into every computer and get into everyone elses stuff using windows explorer and its causing big problems with people snooping around.

I need to basically assign users to computers and block everyone else who shouldn't be allowed to use them from being able to log into them.

Please describe step by step how to assign certain computers to a user / block all but certain users from a machine using Active Directory.

Thanks!
0
Matrix1000
Asked:
Matrix1000
1 Solution
 
oBdACommented:
In ADUC, in the user's profile, you can specify which machine(s) the user is allowed to logon.
But that's only treating the symptoms, not the cause.
If people are able to "snoop around", then your permissions are set incorrectly. With correct permissions set, people can logon to any machine without seeing anybody else's files. Assign home drives to your users, let them store their data there, which gives you the possibility to backup that data as well. Set proper NTFS permissions on the home drives, and your users could even (but shouldn't) be local administrators on the machine, without having access to other people's data.
0

Featured Post

Fill in the form and get your FREE NFR key NOW!

Veeam is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now