Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How can we give permissions for a user to access only a particular machine

Posted on 2007-03-25
6
Medium Priority
?
225 Views
Last Modified: 2010-04-20
Hi,

What is the option in ADS where we can specify that a user only can login to his machine .This will improve the security in the company that we have track on all the events.Can you tell me what will be the disadvntages in doing this.

Please give me a link in performing this.

Regards
Sharath
0
Comment
Question by:bsharath
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 11

Expert Comment

by:Zenith63
ID: 18788323
Open the user's properties in Active Directory Users & Computers, open the Account tab then click the Log on to... button, you can specify a list of computers the user can log on to from there.

Disadvantages?  Depends on your scenario.  If it's like most offices where everybody pretty much has their own PC the only disadvantage is your effort of filling in who can use which PC, other then that it's a security improvement as you say.  If users roam around PCs in your office the disadvantages are that you'll have to add most PCs to the "allowed list" for each user so you almost negate the security benefits of the exercise and make a lot of work for yourself.
0
 
LVL 11

Author Comment

by:bsharath
ID: 18788370
I have all the users who access a machine iassist ,Citrix can i add this particular user to all users through a bat file or so
0
 
LVL 11

Expert Comment

by:Zenith63
ID: 18788491
I'm a bit confused what you're asking?

Assuming your asking if you can add a particular user to all computers with a script, I don't know how to do it unfortuantely.  You can make lots of changes to users with the "dsmod" command line tool, but changing the computers they're allowed to log on to isn't one of the options you can change.  There may be a lower-level tool (command line version of ADSIEdit) that could manage it but I'm not aware of it.  It may be possible to do it through Group Policy either, but I've never tried so am not sure how you would go about it.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 25

Expert Comment

by:mikeleebrla
ID: 18789849
can you explain how Citrix fits into the question?  you didn't mention anything about Citirix in your initial question.
0
 
LVL 11

Author Comment

by:bsharath
ID: 18790163
My question is i need to add a computer to every a user that he uses and one more question is can we add 1 computer to all the users as all the users use citrix to connect for work.
Is there a script that can do it.add 1 computer to all users
Regards
Sharath
0
 
LVL 11

Accepted Solution

by:
Zenith63 earned 2000 total points
ID: 18791567
To add one computer to multiple users - In Active Directory Users & Computers select all the users you want to add the computer to using the CTRL key and the left mouse button.  Then right click one of the selected users and select Properties. Open the Account tab. Put a tick beside "Computer Restrictions"then press the "Log on to..." button and add the computer there that all these users should be able to use.  All selected accounts will be updated with this computer in their lists.

There's no certain way for Active Directory to know which computer a user uses "usually" so you're going to have to configure this initial bit manually IMHO.
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question