Solved

Want to allow users to logon only to certain computers.

Posted on 2008-10-20
Last Modified: 2012-05-05
I am looking to grant access to a generic lab user account to be able to log on only to one of our many lab computers.  I know I can use the sub "Logon To" tab under the user "Account" tab in ADUC to do this, but it appears that I can only add 1 PC at a time.  We have 100s of lab PCs, so I am looking for a way to do this through a text file, or some other process.

Thanks
Question by:SavedbyGrace
4 Comments
 
LVL 5

Accepted Solution

by:
DecKen earned 250 total points
ID: 22763544
How about doing the following:

Place all the Lab workstations into one OU in Active Directory (e.g. Domain\Lab Workstations).
Add your generic Lab account into a new OU such as Domain\Lab Accounts.
Remove the Lab account from Domain\Domain Users group.
Edit group policy for Domain\Lab Workstations to include Domain\Lab Accounts in the User group of all workstations in that OU.

This will mean the generic account should be able to log into all workstations in that OU and not log into any other workstations in the domain.
 
0
 
LVL 11

Assisted Solution

by:AnthonyP9618
AnthonyP9618 earned 250 total points
ID: 22763995
A true lab should be completely separate from your production network, but I understand that this is not possible in all situations.  However, if you can... please, please, please keep them separate.

Here's what I would do....

Move the machines to their own OU, it would probably make sense to create the new OU somewhere under the current location of your Domain Computers.  For example, if your Domain Computers are located at contoso.com\Managed Computers, you would create a Lab OU at contoso.com\Managed Computers\Lab.  The reason for this is so that we can use inheritance.

Create a new GPO and link it to the new OU and give it a descriptive name.

Edit the GPO, under the User Rights Assignment, set the "Log On Locally" policy and only add the accounts you want to log in to the computers you just moved to the Lab OU.

When the computers finally get the policy updates, only the user accounts you added to the "Log on Locally" policy will be able to log on to the computer.  I would also suggest that you add an Administrative group to the same policy as well.  Domain Admins, or Lab Administrators...

Hope that helps.
0
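
The OU and GPO steps from the answers above, driven from a text file as the question asks. This is an added example, not part of either post. It assumes the RSAT ActiveDirectory and GroupPolicy modules; the file name `lab-pcs.txt` and the GPO name are hypothetical, and the OU path follows the contoso.com example in the second answer.

```powershell
#Requires -Modules ActiveDirectory, GroupPolicy
# Added example: move the lab PCs listed in a text file into a Lab OU, then
# create and link an empty GPO there to carry the logon restriction.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$ListPath = '.\lab-pcs.txt',   # hypothetical file, one computer name per line
    [string]$ParentOU = 'OU=Managed Computers,DC=contoso,DC=com',
    [string]$GpoName  = 'Lab Logon Restriction'   # hypothetical GPO name
)

$labOU = "OU=Lab,$ParentOU"

# Create the Lab OU under the existing computers OU so parent GPOs still inherit.
if (-not (Get-ADOrganizationalUnit -Filter "distinguishedName -eq '$labOU'")) {
    New-ADOrganizationalUnit -Name 'Lab' -Path $ParentOU
}

# Move each listed computer; report names that do not resolve instead of stopping.
$names = Get-Content -Path $ListPath | ForEach-Object { $_.Trim() } | Where-Object { $_ }
foreach ($name in $names) {
    $pc = Get-ADComputer -Filter "Name -eq '$name'"
    if (-not $pc) {
        Write-Warning "Not found in AD, skipped: $name"
        continue
    }
    if ($pc.DistinguishedName -notlike "*,$labOU") {
        $pc | Move-ADObject -TargetPath $labOU
    }
}

# Create the GPO if needed and link it to the Lab OU only.
$gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $GpoName -Comment 'Restricts local logon on lab PCs'
}
if ($gpo) {
    # A second run reports that the link already exists; that error is harmless here.
    New-GPLink -Guid $gpo.Id -Target $labOU -ErrorAction SilentlyContinue | Out-Null
}

# Review step: list what now sits in the Lab OU and compare it with the text file.
Get-ADComputer -SearchBase $labOU -Filter * |
    Sort-Object Name | Select-Object -ExpandProperty Name
```

Run it with `-WhatIf` first to preview the moves. The script leaves the GPO empty; the user rights setting itself is still added in the GPO editor as described in the second answer.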


Question has a verified solution.
