Solved

How can we give permissions for a user to access only a particular machine

Posted on 2007-03-25
Last Modified: 2010-04-20
Hi,

What is the option in ADS where we can specify that a user can only log in to his machine? This will improve the security in the company, as we will have a track of all the events. Can you tell me what the disadvantages of doing this will be?

Please give me a link for performing this.

Regards
Sharath
Question by:bsharath
 
LVL 11

Expert Comment

by:Zenith63
ID: 18788323
Open the user's properties in Active Directory Users & Computers, open the Account tab, then click the "Log on to..." button; you can specify a list of computers the user can log on to from there.

Disadvantages?  Depends on your scenario.  If it's like most offices where everybody pretty much has their own PC, the only disadvantage is your effort of filling in who can use which PC; other than that it's a security improvement, as you say.  If users roam around PCs in your office, the disadvantages are that you'll have to add most PCs to the "allowed list" for each user, so you almost negate the security benefits of the exercise and make a lot of work for yourself.
 
LVL 11

Author Comment

by:bsharath
ID: 18788370
I have all the users who access a machine iassist, Citrix. Can I add this particular user to all users through a bat file or so?
 
LVL 11

Expert Comment

by:Zenith63
ID: 18788491
I'm a bit confused what you're asking?

Assuming you're asking if you can add a particular user to all computers with a script, I don't know how to do it unfortunately.  You can make lots of changes to users with the "dsmod" command line tool, but changing the computers they're allowed to log on to isn't one of the options you can change.  There may be a lower-level tool (command line version of ADSIEdit) that could manage it but I'm not aware of it.  It may be possible to do it through Group Policy either, but I've never tried so am not sure how you would go about it.
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 18789849
Can you explain how Citrix fits into the question?  You didn't mention anything about Citrix in your initial question.
 
LVL 11

Author Comment

by:bsharath
ID: 18790163
My question is, I need to add a computer to every user that he uses, and one more question is, can we add 1 computer to all the users, as all the users use Citrix to connect for work?
Is there a script that can do it, i.e. add 1 computer to all users?
Regards
Sharath
 
LVL 11

Accepted Solution

by:
Zenith63 earned 500 total points
ID: 18791567
To add one computer to multiple users - In Active Directory Users & Computers, select all the users you want to add the computer to using the CTRL key and the left mouse button.  Then right-click one of the selected users and select Properties. Open the Account tab. Put a tick beside "Computer Restrictions", then press the "Log on to..." button and add the computer there that all these users should be able to use.  All selected accounts will be updated with this computer in their lists.

There's no certain way for Active Directory to know which computer a user uses "usually" so you're going to have to configure this initial bit manually IMHO.
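
A scripted equivalent of the multi-select procedure in the accepted answer, as an added example that is not part of the original thread. It assumes the ActiveDirectory PowerShell module (RSAT) and rights to modify user objects; the function name `Add-LogonWorkstation`, the OU path and the computer name `CTXSERVER01` are hypothetical. Accounts with an empty "Log on to" list are skipped by default, because an empty list means "all computers" and writing a single name would restrict that user to that one machine.

```powershell
# Added example: appends one computer to each user's "Log on to" list
# (the userWorkstations attribute, exposed as LogonWorkstations).
Import-Module ActiveDirectory

function Add-LogonWorkstation {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        $User,                                   # ADUser object or identity string
        [Parameter(Mandatory = $true)]
        [string]$Computer,                       # computer name to allow
        [switch]$IncludeUnrestricted             # also touch users with an empty list
    )
    process {
        $u = Get-ADUser -Identity $User -Properties LogonWorkstations

        # The attribute is a comma-separated string; normalise it to an array.
        $current = @()
        if ($u.LogonWorkstations) {
            $current = @($u.LogonWorkstations -split ',' |
                ForEach-Object { $_.Trim() } | Where-Object { $_ })
        }

        # Empty list = no restriction. Adding one name would lock the user
        # to that machine only, so skip unless explicitly requested.
        if ($current.Count -eq 0 -and -not $IncludeUnrestricted) {
            Write-Warning "$($u.SamAccountName): no restriction set, skipped"
            return
        }

        # -contains is case-insensitive, so existing entries are not duplicated.
        if ($current -contains $Computer) { return }

        $new = ($current + $Computer) -join ','
        if ($PSCmdlet.ShouldProcess($u.SamAccountName, "Set LogonWorkstations to '$new'")) {
            Set-ADUser -Identity $u -LogonWorkstations $new
        }
    }
}

# Dry run against a hypothetical OU; remove -WhatIf to apply the change.
Get-ADUser -Filter * -SearchBase 'OU=Staff,DC=example,DC=com' |
    Add-LogonWorkstation -Computer 'CTXSERVER01' -WhatIf
```

Review the `-WhatIf` output before applying, and check afterwards with `Get-ADUser -Properties LogonWorkstations` that each account still lists the user's own PC alongside the added computer.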