Solved

How can we give permissions for a user to access only a particular machine

Posted on 2007-03-25
6
223 Views
Last Modified: 2010-04-20
Hi,

What is the option in ADS where we can specify that a user only can login to his machine .This will improve the security in the company that we have track on all the events.Can you tell me what will be the disadvntages in doing this.

Please give me a link in performing this.

Regards
Sharath
0
Comment
Question by:bsharath
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 11

Expert Comment

by:Zenith63
ID: 18788323
Open the user's properties in Active Directory Users & Computers, open the Account tab then click the Log on to... button, you can specify a list of computers the user can log on to from there.

Disadvantages?  Depends on your scenario.  If it's like most offices where everybody pretty much has their own PC the only disadvantage is your effort of filling in who can use which PC, other then that it's a security improvement as you say.  If users roam around PCs in your office the disadvantages are that you'll have to add most PCs to the "allowed list" for each user so you almost negate the security benefits of the exercise and make a lot of work for yourself.
0
 
LVL 11

Author Comment

by:bsharath
ID: 18788370
I have all the users who access a machine iassist ,Citrix can i add this particular user to all users through a bat file or so
0
 
LVL 11

Expert Comment

by:Zenith63
ID: 18788491
I'm a bit confused what you're asking?

Assuming your asking if you can add a particular user to all computers with a script, I don't know how to do it unfortuantely.  You can make lots of changes to users with the "dsmod" command line tool, but changing the computers they're allowed to log on to isn't one of the options you can change.  There may be a lower-level tool (command line version of ADSIEdit) that could manage it but I'm not aware of it.  It may be possible to do it through Group Policy either, but I've never tried so am not sure how you would go about it.
0
Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

 
LVL 25

Expert Comment

by:mikeleebrla
ID: 18789849
can you explain how Citrix fits into the question?  you didn't mention anything about Citirix in your initial question.
0
 
LVL 11

Author Comment

by:bsharath
ID: 18790163
My question is i need to add a computer to every a user that he uses and one more question is can we add 1 computer to all the users as all the users use citrix to connect for work.
Is there a script that can do it.add 1 computer to all users
Regards
Sharath
0
 
LVL 11

Accepted Solution

by:
Zenith63 earned 500 total points
ID: 18791567
To add one computer to multiple users - In Active Directory Users & Computers select all the users you want to add the computer to using the CTRL key and the left mouse button.  Then right click one of the selected users and select Properties. Open the Account tab. Put a tick beside "Computer Restrictions"then press the "Log on to..." button and add the computer there that all these users should be able to use.  All selected accounts will be updated with this computer in their lists.

There's no certain way for Active Directory to know which computer a user uses "usually" so you're going to have to configure this initial bit manually IMHO.
0

Featured Post

Comparison of Amazon Drive, Google Drive, OneDrive

What is Best for Backup: Amazon Drive, Google Drive or MS OneDrive? In this free whitepaper we look at their performance, pricing, and platform availability to help you decide which cloud drive is right for your situation. Download and read the results of our testing for free!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question