[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

How do I restrict Netbook to a single domain user based on Computer name

Posted on 2011-09-14
5
Medium Priority
?
326 Views
Last Modified: 2012-05-12
Dear team

We have 1500 student netbooks floating around at our school which has Windows 7 working fine . Problem we are having is other students who do not have netbooks using their friends netbooks which we wanted to stop happening this.

Netbooks are named in yr7-abc0001 format where abc0001 is their student ID. This student ID is also their domain user account which is used to logon to their netbooks. So I need some kind of assistance where I can lock the netbook to the owner so others cant logon.

Has anyone came across to sort this out,, any script that we can implement to stop other students using the netbooks.

I had no luck with VB scripting.... please help help
0
Comment
Question by:balwynhigh
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 10

Expert Comment

by:gaurav05
ID: 36541148
Hi,

1) right click on active directory users name

2) go to account tab

3) click on Log on to button

4) it will open logon workstation window.

5) add computer name for that particular user or student.

now only that particular user can login into that netbook.

i also attach the screen shot.

is there any issues let me know.


ScreenShot005.bmp
0
 
LVL 6

Accepted Solution

by:
netjgrnaut earned 2000 total points
ID: 36542530
"now only that particular user can login into that netbook"

should say

"now  that particular user can login into that netbook *only*"

The solution shown restricts where the USER can logon; not who can logon to that COMPUTER.  Other users (who aren't so restricted) can still logon to that computer.  This would only work if you apply the setting to *every* student.

If I understand you, you want to make sure that only a particular student (plus some set of grown-ups - support staff, etc) can logon to each netbook.

I recommend using AD Group Policy to restrict interactive logon to only local Administrators, plus a new local group (created on each computer) called "AssignedStudent" or somesuch.

Then, either in device deployment or after the fact, you'd script adding a single domain user to this AssignedStudent local group.  The same script can be run on all computers, as it will build the name of the AD user to add to the local group (student account) from the laptop name.

Ideas for scripting to pull the laptop name and add a user to a local group using PowerShell can be found here:

Get Computer Name (and put it in a variable)

Add domain user to local group

Hope that gives you some ideas about how to solve this problem.
0
 

Author Comment

by:balwynhigh
ID: 36546554
Yes the solution which was posted by Gaurov restricts the USER to where he can logon and not who can logon to the computer.

I would be able to setup the above solution in answer file when I image the new netbooks.

However I need a solution to fix the existing 600 netbooks with able to restrict only the owner of the netbook can logon and not others.

Work I have done so far which I am hoping you guys can shed some light on this:::

-- with Group policy I have removed Authenticated Users, Interactive, Domain Users from LOCAL USERS group. Which stopped domain users to be able to logon
-- Created a VB script to add domain user based on computer name (Luckily we have included students logon IDs in the computer name).. I was able to fetch the username from Computer name but the Problem with this script is It wouldn't add the user to LOCAL USERS group. I am thinking that it needs domain authentication for adding a domain user to LOCAL USERS group(domain\username).

Please can someone look at the code attached and modify so that it meets our requirements. Even if you guys can provide me powershell script to achieve this task much appreciated.

Thanks in anticipation.




Option Explicit 
Dim objAdmins, objUser, strComputer, userName, wshShell

Set wshShell = WScript.CreateObject( "WScript.Shell" )
strComputer = wshShell.ExpandEnvironmentStrings( "%COMPUTERNAME%" )
WScript.Echo "Computer Name: " & strComputer

On Error Resume Next

Set objAdmins = GetObject("WinNT://" & strComputer & "/Users")

userName = Right(strComputer,8)

WScript.Echo "uSER Name: " & userName
Set objUser = GetObject("WinNT://balwynhs" & "/" & userName)
 
objAdmins.Add(objUser.ADsPath)

Open in new window

0
 
LVL 6

Expert Comment

by:netjgrnaut
ID: 36548867
Try something like this...

Option Explicit

Dim objLocalGroup, objDomainUser

' Bind to local group object.
Set objLocalGroup = GetObject("WinNT://MyComputer/MyGroup,group")

' Bind to domain user object.
Set objDomainUser = GetObject("WinNT://MyDomain/JSmith,user")

' Check if user already a member of group.
If (objLocalGroup.IsMember(objDomainUser.ADsPath) = False) Then
    ' Add domain user to local group.
    objLocalGroup.Add(objDomainUser.ADsPath)
End If 

Open in new window


More discussion around this topic available here:
http://social.technet.microsoft.com/Forums/en/ITCG/thread/7b7a57f9-a498-4d19-bea0-afa18098cb97

Hope that does the trick!
0
 

Author Comment

by:balwynhigh
ID: 36557535
Thanks for all your hints.

I got it working by building a powershell script and that worked great.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Windows functions GetTickCount and timeGetTime retrieve the number of milliseconds since the system was started. However, the value is stored in a DWORD, which means that it wraps around to zero every 49.7 days. This article shows how to solve t…
IF you are either unfamiliar with rootkits, or want to know more about them, read on ....
This Micro Tutorial will teach you how to the overview of Microsoft Security Essentials. This is a free anti-virus software that guards your PC against viruses, spyware, worms, and other malicious software. This will be demonstrated using Windows…
This Micro Tutorial will teach you how to change your appearance and customize your Windows 7 interface to your unique preference. This will be demonstrated using Windows 7 operating system.
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question