Problem Restricting Users Logging onto specific PCs

Posted on 2006-05-19
Last Modified: 2010-04-11

I have enabled a security policy thru Active Directory>Users And Computers
where in the USER properties ACCOUNT>LOG ONTO WORKSTATION, I have defined the PCs for which each user is allowed to log onto.....this works great for Windows PCs connected to the LAN.  Users can ONLY log onto the PCs which have been specified in their active directory profile.

 However,  I have 3 problems....

1) Laptops (these are connecting thru a wireless)......the domain userid is created on the laptop.....the user can log onto the domain, thru the laptop.  Can connect to all network drives....the laptop's computer name is defined in the list of LOG ONTO WORKSTATIONS noted far so good.....  the problem is that the user can not
get Outlook to connect to the Exchange Server.  Even, if the laptop is defined in the user's AD profile.
I have to allow the user to log onto any PC in order to get this to work.

2) Linux PCs using Evolution.  Can not even successfully log onto domain, even if PC is joined to domain,  unless the user profile in the AD is set to allow login to any PC.

Allowing users to log onto any PC violates our local security policy.

How can I restrict user logons to certain machines, but at the same time get Exchange to allow a connection from a laptop and allow a Linux PC to log on. ( and connect to the Exchange server with Evolution)

Please advise.  Thanks.
Question by:rstuemke
    LVL 6

    Accepted Solution

    1. give the laptop users the right to log on to the exchange server over the network.

    2. if your linux pc's have rights to log on to your DC's, can they then log onto the domain and access priveleged resources?


    Author Comment

    I am a filthly liar.........I meant OWA in the first posting and not Outlook.  Outlook works fine if the PC is joined to the domain.  It is OWA which has the problem, requiring me to remove logon restrictions.

    Linux also has the problem with OWA, AND LOGON.

    The laptops and home PCs are having problems with OWA.

    All pcs and laptops are in the same OU.

    Laptop users login as domain users, the domain userid is created on the laptop and they log into the domain.

    Linux users also log into the domain, in a similar set up.

    Author Comment

    Allowing the user to logon to the exchange server fixed the problem.....this server is not accessible so no security risk....besides, the users will be of the best security policies around.....

    Featured Post

    Do You Know the 4 Main Threat Actor Types?

    Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

    Join & Write a Comment

    Suggested Solutions

    Email attacks are the most efficient and effective way for cyber criminals and hackers to compromise a computer or network. We often find our-self second guessing the authenticity of an email message, for such instances we can follow practical princ…
    Healthcare providers, insurance companies and other covered entities trust eFax Corporate to transmit their most sensitive documents. eFax Corporate can help your organization implement a HIPAA compliant cloud faxing solution.
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now