We help IT Professionals succeed at work.

Restrict user logon access to computers

ntossiou
ntossiou used Ask the Experts™
on
Hello there,

I'm running a network based on Windows Server 2003 SP1 Enterprise Edition. My question is whether it is possible to restrict logon access to the users to specific computers, so that they cannot logon to all computers in the network - locally, that is.
I know that it is possible to go to each user's object in AD and specify the computers in 'Log On To...", but I was wondering whether there is a 'batch' way to do this through group policy or some script.
Thanks in advance.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Solutions Architect
Commented:
You can do limited batch processing from from ADUC.

Just select multiple users with ithe ADUC console (CTRL+Click) or (SHIFT+Click)

The right click the highlighted users and select properties then just select Account Computer Restrictions and Log On to.

This will only work if the group of users is restricted to the same machines.

Other than that, it can be scripted.

Author

Commented:
Pber,

Thanks for the quick reply. Any example scripts you could provide?