Solved

restrict computer for only one user in windows 2003 server

Posted on 2006-11-17
17
1,771 Views
Last Modified: 2008-01-09
hi
i have these question
if i have windows 2003 sever with active directory domain controller (domain oil.gov.iq)
and i have user1 and user2 and user3 and user4 .....etc(domain user)
with computer1 and computer2 and computer3 and computer4 ...etc (client computer)

i want to to alow only user1 to enter to computer1 and other user can not enter to this computer using domain username and password
and if i wnat the only user2 and user3 can enter to computer2

how i can restrict user from enter to specific   computer (only one username and password can enter to only one computer)

i mean if the user1 go to other computer (like computer2) i want the user can not enter to this computer using his username and pasword it can be enter to domain only from his computer (computer1)


its urgent

thanks
0
Comment
Question by:nasemabdullaa
  • 7
  • 5
  • 3
  • +1
17 Comments
 
LVL 14

Assisted Solution

by:inbarasan
inbarasan earned 50 total points
Comment Utility
You may probably give Log on Locally rights only to that user in User rights assignment. You can access it from local security policy. Check it out
0
 
LVL 9

Accepted Solution

by:
csk_73 earned 300 total points
Comment Utility
Hi nasemabdullaa,
>
Edit the AD user properties. In the accounts tab there is a button to set the computers where the user can log-in. I suppose it's something like "log-in from ..."
There you can set the computers the user can log-in.

Sorry, I'm not able to tell the exact name of the program, tab and button to press. I use spanish windows 2003.

Hope this helps!

Cesc
0
 

Author Comment

by:nasemabdullaa
Comment Utility
hi
thanks for your reply
>>>Edit the AD user properties
iam enter to account user properties but i can not find where i can find (log-in)



>>>You may probably give Log on Locally rights only to that user
you mean from local security policy in server


thanks
0
 
LVL 14

Expert Comment

by:inbarasan
Comment Utility
I belive that he is requesting you to do this from AD. Log in DC and open Active directory users and computers. Click on the user and go to properties
There you will login from.

Check it
0
 

Author Comment

by:nasemabdullaa
Comment Utility
hi
thanks for your reply
can i add more than one user for only one computer

thanks
0
 
LVL 9

Expert Comment

by:csk_73
Comment Utility
you can set many users to log on one computer, simply add the same computer to the allowed workstations list for each user that you want to be able to log onto that computer.

You are setting to what computers can log each user.

Cesc
0
 

Author Comment

by:nasemabdullaa
Comment Utility
hi
thanks for your reply
in user properties i found this bottom
general - address - account- profile-telephon-  organization-environment -session-remote control-terminal service profile - com+-publish certificat -member off- dial in- object-security

there is no bottom  login from

thanks
0
 
LVL 43

Assisted Solution

by:Steve Knight
Steve Knight earned 150 total points
Comment Utility
Just to clarify a little, I think what is being suggested at here is under the account tab there is a "logon to" button.  Click in there and add the computernames of the computers you like the person to logon to -- add as many as you want, i.e. for user1 just add computer1, for user2 add computer2 and user3 add computer2

The other way is to restrict their user accounts by amending the local security policy as also suggested or through a group policy but if this is really for a handful of machines then do as above.

Steve
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:nasemabdullaa
Comment Utility
hi
thanks for your reply
>>>The other way is to restrict their user accounts by amending the local security policy
can you explain more
how i can do that

thanks
0
 
LVL 43

Assisted Solution

by:Steve Knight
Steve Knight earned 150 total points
Comment Utility
As inbarasan said originally really.... Assuming nothing has been set at the domain level you could go to Admin Tools | |local security policy, drill down under computer settings and user rights and enter the Allow logon locally user right.  This will list the users and groups that can logon to this comptuer from the console.

You can uncheck ones you don't want .... make sure at least Admins group is in there eh....

or You can add people you DON'T want to logon to the Deny Logon locally user right either through a new local group you create or directly with their username,

Alternative is to remove the users from the local groups, i.e. rather than havign the "domain users" group as a member of the local Users group (computer managemtn, user and groups, .... etc.) remove it and instead add user1.  Then only user1 is in the Users group and the Users group has access to the PC...

hth

Steve
0
 

Author Comment

by:nasemabdullaa
Comment Utility
hi
thanks for all
0
 
LVL 43

Expert Comment

by:Steve Knight
Comment Utility
"hi, thanks for all".

For future reference there is a Split points button at the bottom of the quesiton...
0
 

Author Comment

by:nasemabdullaa
Comment Utility
hi dragon-it
iam realy sorry
i do not know i can split the point

iam sorry again

thank
0
 
LVL 43

Expert Comment

by:Steve Knight
Comment Utility
Should you change your mind or want any amendments in the future all you have to do is post a question here

http://www.experts-exchange.com/Community_Support/

0
 
LVL 43

Expert Comment

by:Steve Knight
Comment Utility
Thanks!

Steve
0
 
LVL 14

Expert Comment

by:inbarasan
Comment Utility
Thanks nasemabdullaa
0
 

Author Comment

by:nasemabdullaa
Comment Utility
hi
thanks dragon-it and inbarasan and  csk_73
for help to me

0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Preface Having the need * to contact many different companies with different infrastructures * do remote maintenance in their network required us to implement a more flexible routing solution. As RAS, PPTP, L2TP and VPN Client connections are no…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now