Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

restrict computer for only one user in windows 2003 server

Posted on 2006-11-17
17
Medium Priority
?
1,823 Views
Last Modified: 2008-01-09
hi
i have these question
if i have windows 2003 sever with active directory domain controller (domain oil.gov.iq)
and i have user1 and user2 and user3 and user4 .....etc(domain user)
with computer1 and computer2 and computer3 and computer4 ...etc (client computer)

i want to to alow only user1 to enter to computer1 and other user can not enter to this computer using domain username and password
and if i wnat the only user2 and user3 can enter to computer2

how i can restrict user from enter to specific   computer (only one username and password can enter to only one computer)

i mean if the user1 go to other computer (like computer2) i want the user can not enter to this computer using his username and pasword it can be enter to domain only from his computer (computer1)


its urgent

thanks
0
Comment
Question by:nasemabdullaa
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 5
  • 3
  • +1
17 Comments
 
LVL 14

Assisted Solution

by:inbarasan
inbarasan earned 200 total points
ID: 17963524
You may probably give Log on Locally rights only to that user in User rights assignment. You can access it from local security policy. Check it out
0
 
LVL 9

Accepted Solution

by:
csk_73 earned 1200 total points
ID: 17963526
Hi nasemabdullaa,

Edit the AD user properties. In the accounts tab there is a button to set the computers where the user can log-in. I suppose it's something like "log-in from ..."
There you can set the computers the user can log-in.

Sorry, I'm not able to tell the exact name of the program, tab and button to press. I use spanish windows 2003.

Hope this helps!

Cesc
0
 

Author Comment

by:nasemabdullaa
ID: 17963576
hi
thanks for your reply
>>>Edit the AD user properties
iam enter to account user properties but i can not find where i can find (log-in)



>>>You may probably give Log on Locally rights only to that user
you mean from local security policy in server


thanks
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 14

Expert Comment

by:inbarasan
ID: 17963594
I belive that he is requesting you to do this from AD. Log in DC and open Active directory users and computers. Click on the user and go to properties
There you will login from.

Check it
0
 

Author Comment

by:nasemabdullaa
ID: 17963622
hi
thanks for your reply
can i add more than one user for only one computer

thanks
0
 
LVL 9

Expert Comment

by:csk_73
ID: 17963642
you can set many users to log on one computer, simply add the same computer to the allowed workstations list for each user that you want to be able to log onto that computer.

You are setting to what computers can log each user.

Cesc
0
 

Author Comment

by:nasemabdullaa
ID: 17963724
hi
thanks for your reply
in user properties i found this bottom
general - address - account- profile-telephon-  organization-environment -session-remote control-terminal service profile - com+-publish certificat -member off- dial in- object-security

there is no bottom  login from

thanks
0
 
LVL 43

Assisted Solution

by:Steve Knight
Steve Knight earned 600 total points
ID: 17963799
Just to clarify a little, I think what is being suggested at here is under the account tab there is a "logon to" button.  Click in there and add the computernames of the computers you like the person to logon to -- add as many as you want, i.e. for user1 just add computer1, for user2 add computer2 and user3 add computer2

The other way is to restrict their user accounts by amending the local security policy as also suggested or through a group policy but if this is really for a handful of machines then do as above.

Steve
0
 

Author Comment

by:nasemabdullaa
ID: 17963828
hi
thanks for your reply
>>>The other way is to restrict their user accounts by amending the local security policy
can you explain more
how i can do that

thanks
0
 
LVL 43

Assisted Solution

by:Steve Knight
Steve Knight earned 600 total points
ID: 17964030
As inbarasan said originally really.... Assuming nothing has been set at the domain level you could go to Admin Tools | |local security policy, drill down under computer settings and user rights and enter the Allow logon locally user right.  This will list the users and groups that can logon to this comptuer from the console.

You can uncheck ones you don't want .... make sure at least Admins group is in there eh....

or You can add people you DON'T want to logon to the Deny Logon locally user right either through a new local group you create or directly with their username,

Alternative is to remove the users from the local groups, i.e. rather than havign the "domain users" group as a member of the local Users group (computer managemtn, user and groups, .... etc.) remove it and instead add user1.  Then only user1 is in the Users group and the Users group has access to the PC...

hth

Steve
0
 

Author Comment

by:nasemabdullaa
ID: 17965088
hi
thanks for all
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17965634
"hi, thanks for all".

For future reference there is a Split points button at the bottom of the quesiton...
0
 

Author Comment

by:nasemabdullaa
ID: 17965691
hi dragon-it
iam realy sorry
i do not know i can split the point

iam sorry again

thank
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17965801
Should you change your mind or want any amendments in the future all you have to do is post a question here

http://www.experts-exchange.com/Community_Support/

0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17986423
Thanks!

Steve
0
 
LVL 14

Expert Comment

by:inbarasan
ID: 17986741
Thanks nasemabdullaa
0
 

Author Comment

by:nasemabdullaa
ID: 17987403
hi
thanks dragon-it and inbarasan and  csk_73
for help to me

0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question