• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 267
  • Last Modified:

Restrict computers to specific user accounts in AD

Hi,

I'm familiar with the user account option to restrict use of the account to a list of named computers.

What I want to do is the opposite. For certain computers I only want certain accounts to have access.

E.g. User U1 can login to all computers, but user U2 can log into most computers not five of them.

I could do this by setting allowed workstations for every account but, apart from being a lot work, this seems a clumsy solution.

Is there a better way?

W2003 domain, XP Pro clients.

Thanks,

Leon...
0
leonst
Asked:
leonst
2 Solutions
 
imnajamCommented:
Hi leonst,

You may try grouping computers, may call it public (all workstation) and private(5 computers) when restricting /allowing users allow to log on to public group

Cheers!
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Almost all Group Policies have both positive and negative settings.  If you want the opposite, then just DENY permission to the list of users instead of GRANTING permission.

Jeff
TechSoEasy
0
 
leonstAuthor Commented:
You're both correct, although what I really wanted to know was exactly how to do it.

I found this article:

http://www.microsoft.com/technet/security/prodtech/windows2000/w2kccadm/localpol/w2kadm12.mspx

and worked out that the policy I wanted was Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Logon Locally.

By specifying one group for this it seems to work fine.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now