Solved

How can we give permissions for a user to access only a particular machine

Posted on 2007-03-25
6
224 Views
Last Modified: 2010-04-20
Hi,

What is the option in ADS where we can specify that a user only can login to his machine .This will improve the security in the company that we have track on all the events.Can you tell me what will be the disadvntages in doing this.

Please give me a link in performing this.

Regards
Sharath
0
Comment
Question by:bsharath
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 11

Expert Comment

by:Zenith63
ID: 18788323
Open the user's properties in Active Directory Users & Computers, open the Account tab then click the Log on to... button, you can specify a list of computers the user can log on to from there.

Disadvantages?  Depends on your scenario.  If it's like most offices where everybody pretty much has their own PC the only disadvantage is your effort of filling in who can use which PC, other then that it's a security improvement as you say.  If users roam around PCs in your office the disadvantages are that you'll have to add most PCs to the "allowed list" for each user so you almost negate the security benefits of the exercise and make a lot of work for yourself.
0
 
LVL 11

Author Comment

by:bsharath
ID: 18788370
I have all the users who access a machine iassist ,Citrix can i add this particular user to all users through a bat file or so
0
 
LVL 11

Expert Comment

by:Zenith63
ID: 18788491
I'm a bit confused what you're asking?

Assuming your asking if you can add a particular user to all computers with a script, I don't know how to do it unfortuantely.  You can make lots of changes to users with the "dsmod" command line tool, but changing the computers they're allowed to log on to isn't one of the options you can change.  There may be a lower-level tool (command line version of ADSIEdit) that could manage it but I'm not aware of it.  It may be possible to do it through Group Policy either, but I've never tried so am not sure how you would go about it.
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 25

Expert Comment

by:mikeleebrla
ID: 18789849
can you explain how Citrix fits into the question?  you didn't mention anything about Citirix in your initial question.
0
 
LVL 11

Author Comment

by:bsharath
ID: 18790163
My question is i need to add a computer to every a user that he uses and one more question is can we add 1 computer to all the users as all the users use citrix to connect for work.
Is there a script that can do it.add 1 computer to all users
Regards
Sharath
0
 
LVL 11

Accepted Solution

by:
Zenith63 earned 500 total points
ID: 18791567
To add one computer to multiple users - In Active Directory Users & Computers select all the users you want to add the computer to using the CTRL key and the left mouse button.  Then right click one of the selected users and select Properties. Open the Account tab. Put a tick beside "Computer Restrictions"then press the "Log on to..." button and add the computer there that all these users should be able to use.  All selected accounts will be updated with this computer in their lists.

There's no certain way for Active Directory to know which computer a user uses "usually" so you're going to have to configure this initial bit manually IMHO.
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question