Solved

How can we give permissions for a user to access only a particular machine

Posted on 2007-03-25
6
219 Views
Last Modified: 2010-04-20
Hi,

What is the option in ADS where we can specify that a user only can login to his machine .This will improve the security in the company that we have track on all the events.Can you tell me what will be the disadvntages in doing this.

Please give me a link in performing this.

Regards
Sharath
0
Comment
Question by:bsharath
  • 3
  • 2
6 Comments
 
LVL 11

Expert Comment

by:Zenith63
ID: 18788323
Open the user's properties in Active Directory Users & Computers, open the Account tab then click the Log on to... button, you can specify a list of computers the user can log on to from there.

Disadvantages?  Depends on your scenario.  If it's like most offices where everybody pretty much has their own PC the only disadvantage is your effort of filling in who can use which PC, other then that it's a security improvement as you say.  If users roam around PCs in your office the disadvantages are that you'll have to add most PCs to the "allowed list" for each user so you almost negate the security benefits of the exercise and make a lot of work for yourself.
0
 
LVL 11

Author Comment

by:bsharath
ID: 18788370
I have all the users who access a machine iassist ,Citrix can i add this particular user to all users through a bat file or so
0
 
LVL 11

Expert Comment

by:Zenith63
ID: 18788491
I'm a bit confused what you're asking?

Assuming your asking if you can add a particular user to all computers with a script, I don't know how to do it unfortuantely.  You can make lots of changes to users with the "dsmod" command line tool, but changing the computers they're allowed to log on to isn't one of the options you can change.  There may be a lower-level tool (command line version of ADSIEdit) that could manage it but I'm not aware of it.  It may be possible to do it through Group Policy either, but I've never tried so am not sure how you would go about it.
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 18789849
can you explain how Citrix fits into the question?  you didn't mention anything about Citirix in your initial question.
0
 
LVL 11

Author Comment

by:bsharath
ID: 18790163
My question is i need to add a computer to every a user that he uses and one more question is can we add 1 computer to all the users as all the users use citrix to connect for work.
Is there a script that can do it.add 1 computer to all users
Regards
Sharath
0
 
LVL 11

Accepted Solution

by:
Zenith63 earned 500 total points
ID: 18791567
To add one computer to multiple users - In Active Directory Users & Computers select all the users you want to add the computer to using the CTRL key and the left mouse button.  Then right click one of the selected users and select Properties. Open the Account tab. Put a tick beside "Computer Restrictions"then press the "Log on to..." button and add the computer there that all these users should be able to use.  All selected accounts will be updated with this computer in their lists.

There's no certain way for Active Directory to know which computer a user uses "usually" so you're going to have to configure this initial bit manually IMHO.
0

Join & Write a Comment

Remote Apps is a feature in server 2008 which allows users to run applications off Remote Desktop Servers without having to log into them to run the applications.  The user can either have a desktop shortcut installed or go through the web portal to…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now