?
Solved

restrict computer for only one user in windows 2003 server

Posted on 2006-11-17
17
Medium Priority
?
1,817 Views
Last Modified: 2008-01-09
hi
i have these question
if i have windows 2003 sever with active directory domain controller (domain oil.gov.iq)
and i have user1 and user2 and user3 and user4 .....etc(domain user)
with computer1 and computer2 and computer3 and computer4 ...etc (client computer)

i want to to alow only user1 to enter to computer1 and other user can not enter to this computer using domain username and password
and if i wnat the only user2 and user3 can enter to computer2

how i can restrict user from enter to specific   computer (only one username and password can enter to only one computer)

i mean if the user1 go to other computer (like computer2) i want the user can not enter to this computer using his username and pasword it can be enter to domain only from his computer (computer1)


its urgent

thanks
0
Comment
Question by:nasemabdullaa
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 5
  • 3
  • +1
17 Comments
 
LVL 14

Assisted Solution

by:inbarasan
inbarasan earned 200 total points
ID: 17963524
You may probably give Log on Locally rights only to that user in User rights assignment. You can access it from local security policy. Check it out
0
 
LVL 9

Accepted Solution

by:
csk_73 earned 1200 total points
ID: 17963526
Hi nasemabdullaa,

Edit the AD user properties. In the accounts tab there is a button to set the computers where the user can log-in. I suppose it's something like "log-in from ..."
There you can set the computers the user can log-in.

Sorry, I'm not able to tell the exact name of the program, tab and button to press. I use spanish windows 2003.

Hope this helps!

Cesc
0
 

Author Comment

by:nasemabdullaa
ID: 17963576
hi
thanks for your reply
>>>Edit the AD user properties
iam enter to account user properties but i can not find where i can find (log-in)



>>>You may probably give Log on Locally rights only to that user
you mean from local security policy in server


thanks
0
Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 14

Expert Comment

by:inbarasan
ID: 17963594
I belive that he is requesting you to do this from AD. Log in DC and open Active directory users and computers. Click on the user and go to properties
There you will login from.

Check it
0
 

Author Comment

by:nasemabdullaa
ID: 17963622
hi
thanks for your reply
can i add more than one user for only one computer

thanks
0
 
LVL 9

Expert Comment

by:csk_73
ID: 17963642
you can set many users to log on one computer, simply add the same computer to the allowed workstations list for each user that you want to be able to log onto that computer.

You are setting to what computers can log each user.

Cesc
0
 

Author Comment

by:nasemabdullaa
ID: 17963724
hi
thanks for your reply
in user properties i found this bottom
general - address - account- profile-telephon-  organization-environment -session-remote control-terminal service profile - com+-publish certificat -member off- dial in- object-security

there is no bottom  login from

thanks
0
 
LVL 43

Assisted Solution

by:Steve Knight
Steve Knight earned 600 total points
ID: 17963799
Just to clarify a little, I think what is being suggested at here is under the account tab there is a "logon to" button.  Click in there and add the computernames of the computers you like the person to logon to -- add as many as you want, i.e. for user1 just add computer1, for user2 add computer2 and user3 add computer2

The other way is to restrict their user accounts by amending the local security policy as also suggested or through a group policy but if this is really for a handful of machines then do as above.

Steve
0
 

Author Comment

by:nasemabdullaa
ID: 17963828
hi
thanks for your reply
>>>The other way is to restrict their user accounts by amending the local security policy
can you explain more
how i can do that

thanks
0
 
LVL 43

Assisted Solution

by:Steve Knight
Steve Knight earned 600 total points
ID: 17964030
As inbarasan said originally really.... Assuming nothing has been set at the domain level you could go to Admin Tools | |local security policy, drill down under computer settings and user rights and enter the Allow logon locally user right.  This will list the users and groups that can logon to this comptuer from the console.

You can uncheck ones you don't want .... make sure at least Admins group is in there eh....

or You can add people you DON'T want to logon to the Deny Logon locally user right either through a new local group you create or directly with their username,

Alternative is to remove the users from the local groups, i.e. rather than havign the "domain users" group as a member of the local Users group (computer managemtn, user and groups, .... etc.) remove it and instead add user1.  Then only user1 is in the Users group and the Users group has access to the PC...

hth

Steve
0
 

Author Comment

by:nasemabdullaa
ID: 17965088
hi
thanks for all
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17965634
"hi, thanks for all".

For future reference there is a Split points button at the bottom of the quesiton...
0
 

Author Comment

by:nasemabdullaa
ID: 17965691
hi dragon-it
iam realy sorry
i do not know i can split the point

iam sorry again

thank
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17965801
Should you change your mind or want any amendments in the future all you have to do is post a question here

http://www.experts-exchange.com/Community_Support/

0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17986423
Thanks!

Steve
0
 
LVL 14

Expert Comment

by:inbarasan
ID: 17986741
Thanks nasemabdullaa
0
 

Author Comment

by:nasemabdullaa
ID: 17987403
hi
thanks dragon-it and inbarasan and  csk_73
for help to me

0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question