I'm doing some consulting at a company at the moment who asked me a very reasonable question, but I could not give them an answer.
They asked if it was possible to create a policy that will prevent them from logging onto any machine in the domain - IE, is there any way to associate their user account with a specific machine, and ensure that they can ONLY log onto this machine in the domain, as oposed to any machine of their choice. Obviously, a domain user account can, by default, be used to log onto any domain attached machine. Can you change this?
Windows 2000 SBS
AD Domain Environment
Windows XP SP2 Desktops
Thankyou all in advance for your assistance!!!!