Solved

Restrict computer for only one user in Windows 2003 Server

Posted on 2006-11-17
Last Modified: 2008-01-09
Hi,
I have this question:
If I have a Windows 2003 server with an Active Directory domain controller (domain oil.gov.iq)
and I have user1 and user2 and user3 and user4 ... etc. (domain users)
with computer1 and computer2 and computer3 and computer4 ... etc. (client computers)

I want to allow only user1 to enter computer1, and other users cannot enter this computer using a domain username and password,
and if I want only user2 and user3 to be able to enter computer2.

How can I restrict users from entering a specific computer (only one username and password can enter only one computer)?

I mean if user1 goes to another computer (like computer2), I want the user to be unable to enter this computer using his username and password; he can enter the domain only from his computer (computer1).

It's urgent.

Thanks
Question by:nasemabdullaa
LVL 14

Assisted Solution

by:inbarasan
inbarasan earned 50 total points
ID: 17963524
You may probably give Log on Locally rights only to that user in User rights assignment. You can access it from local security policy. Check it out
0
 
LVL 9

Accepted Solution

by:
csk_73 earned 300 total points
ID: 17963526
Hi nasemabdullaa,

Edit the AD user properties. In the accounts tab there is a button to set the computers where the user can log-in. I suppose it's something like "log-in from ..."
There you can set the computers the user can log-in.

Sorry, I'm not able to tell the exact name of the program, tab and button to press. I use Spanish Windows 2003.

Hope this helps!

Cesc
0
 

Author Comment

by:nasemabdullaa
ID: 17963576
hi
thanks for your reply
>>>Edit the AD user properties
I went into the account user properties but I cannot find where the (log-in) is.



>>>You may probably give Log on Locally rights only to that user
You mean from the local security policy on the server?


thanks
0
 
LVL 14

Expert Comment

by:inbarasan
ID: 17963594
I believe that he is requesting you to do this from AD. Log in to the DC and open Active Directory Users and Computers. Click on the user and go to Properties.
There you will find "login from".

Check it
0
 

Author Comment

by:nasemabdullaa
ID: 17963622
hi
thanks for your reply
Can I add more than one user for only one computer?

thanks
0
 
LVL 9

Expert Comment

by:csk_73
ID: 17963642
You can set many users to log on to one computer: simply add the same computer to the allowed workstations list for each user that you want to be able to log on to that computer.

You are setting which computers each user can log on to.

Cesc
0
 

Author Comment

by:nasemabdullaa
ID: 17963724
hi
thanks for your reply
In the user properties I found these buttons:
General - Address - Account - Profile - Telephones - Organization - Environment - Sessions - Remote control - Terminal Services Profile - COM+ - Published Certificates - Member Of - Dial-in - Object - Security

There is no "login from" button.

thanks
0
 
LVL 43

Assisted Solution

by:Steve Knight
Steve Knight earned 150 total points
ID: 17963799
Just to clarify a little, I think what is being suggested here is that under the Account tab there is a "logon to" button.  Click in there and add the computer names of the computers you would like the person to log on to -- add as many as you want, i.e. for user1 just add computer1, for user2 add computer2 and for user3 add computer2.

The other way is to restrict their user accounts by amending the local security policy as also suggested or through a group policy but if this is really for a handful of machines then do as above.

Steve
0
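The "logon to" list described in the answers above, set and then audited from PowerShell, as an added example that is not part of the original thread. It assumes the ActiveDirectory module is available (it is newer than the Windows 2003 tools discussed here) and uses the user and computer names from the question.

```powershell
# Added example; assumes the ActiveDirectory module (RSAT) is installed.
# user1..user3 and computer1/computer2 are the names used in the question.
Import-Module ActiveDirectory

# Desired "Log On To" list per user. AD stores it in the userWorkstations
# attribute as a comma-separated string of computer names.
$allowed = @{
    'user1' = @('computer1')
    'user2' = @('computer2')
    'user3' = @('computer2')
}

foreach ($name in $allowed.Keys) {
    $list = $allowed[$name] -join ','
    # -WhatIf only previews the change; remove it to apply.
    Set-ADUser -Identity $name -LogonWorkstations $list -WhatIf
}

# Audit: show which accounts are restricted and to which computers, and
# flag entries that name a computer with no matching AD computer object
# (a typo there silently locks the user out of the intended machine).
Get-ADUser -Filter * -Properties LogonWorkstations |
    ForEach-Object {
        $ws = @()
        if ($_.LogonWorkstations) { $ws = $_.LogonWorkstations -split ',' }
        $missing = $ws | Where-Object {
            -not (Get-ADComputer -Filter "Name -eq '$_'")
        }
        [pscustomobject]@{
            User       = $_.SamAccountName
            Restricted = [bool]$ws.Count
            LogOnTo    = $ws -join ', '
            Missing    = $missing -join ', '
        }
    } | Sort-Object Restricted, User | Format-Table -AutoSize
```

An account whose list is empty can log on to any computer, so accounts left out of the mapping show up as unrestricted in the audit.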

 

Author Comment

by:nasemabdullaa
ID: 17963828
hi
thanks for your reply
>>>The other way is to restrict their user accounts by amending the local security policy
Can you explain more?
How can I do that?

thanks
0
 
LVL 43

Assisted Solution

by:Steve Knight
Steve Knight earned 150 total points
ID: 17964030
As inbarasan said originally really.... Assuming nothing has been set at the domain level you could go to Admin Tools | Local Security Policy, drill down under computer settings and user rights and enter the Allow logon locally user right.  This will list the users and groups that can log on to this computer from the console.

You can uncheck ones you don't want .... make sure at least Admins group is in there eh....

Or you can add people you DON'T want to log on to the Deny Logon locally user right, either through a new local group you create or directly with their username.

Alternative is to remove the users from the local groups, i.e. rather than having the "domain users" group as a member of the local Users group (computer management, users and groups, .... etc.) remove it and instead add user1.  Then only user1 is in the Users group and the Users group has access to the PC...

hth

Steve
0
 

Author Comment

by:nasemabdullaa
ID: 17965088
hi
thanks for all
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17965634
"hi, thanks for all".

For future reference there is a Split points button at the bottom of the question...
0
 

Author Comment

by:nasemabdullaa
ID: 17965691
hi dragon-it
I am really sorry
I did not know I could split the points

I am sorry again

thank
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17965801
Should you change your mind or want any amendments in the future all you have to do is post a question here

http://www.experts-exchange.com/Community_Support/

0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17986423
Thanks!

Steve
0
 
LVL 14

Expert Comment

by:inbarasan
ID: 17986741
Thanks nasemabdullaa
0
 

Author Comment

by:nasemabdullaa
ID: 17987403
hi
Thanks dragon-it and inbarasan and csk_73
for helping me

0
