Improve company productivity with a Business Account.Sign Up

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 329
  • Last Modified:

How do I restrict Netbook to a single domain user based on Computer name

Dear team

We have 1500 student netbooks floating around at our school which has Windows 7 working fine . Problem we are having is other students who do not have netbooks using their friends netbooks which we wanted to stop happening this.

Netbooks are named in yr7-abc0001 format where abc0001 is their student ID. This student ID is also their domain user account which is used to logon to their netbooks. So I need some kind of assistance where I can lock the netbook to the owner so others cant logon.

Has anyone came across to sort this out,, any script that we can implement to stop other students using the netbooks.

I had no luck with VB scripting.... please help help
  • 2
  • 2
1 Solution

1) right click on active directory users name

2) go to account tab

3) click on Log on to button

4) it will open logon workstation window.

5) add computer name for that particular user or student.

now only that particular user can login into that netbook.

i also attach the screen shot.

is there any issues let me know.

"now only that particular user can login into that netbook"

should say

"now  that particular user can login into that netbook *only*"

The solution shown restricts where the USER can logon; not who can logon to that COMPUTER.  Other users (who aren't so restricted) can still logon to that computer.  This would only work if you apply the setting to *every* student.

If I understand you, you want to make sure that only a particular student (plus some set of grown-ups - support staff, etc) can logon to each netbook.

I recommend using AD Group Policy to restrict interactive logon to only local Administrators, plus a new local group (created on each computer) called "AssignedStudent" or somesuch.

Then, either in device deployment or after the fact, you'd script adding a single domain user to this AssignedStudent local group.  The same script can be run on all computers, as it will build the name of the AD user to add to the local group (student account) from the laptop name.

Ideas for scripting to pull the laptop name and add a user to a local group using PowerShell can be found here:

Get Computer Name (and put it in a variable)

Add domain user to local group

Hope that gives you some ideas about how to solve this problem.
balwynhighAuthor Commented:
Yes the solution which was posted by Gaurov restricts the USER to where he can logon and not who can logon to the computer.

I would be able to setup the above solution in answer file when I image the new netbooks.

However I need a solution to fix the existing 600 netbooks with able to restrict only the owner of the netbook can logon and not others.

Work I have done so far which I am hoping you guys can shed some light on this:::

-- with Group policy I have removed Authenticated Users, Interactive, Domain Users from LOCAL USERS group. Which stopped domain users to be able to logon
-- Created a VB script to add domain user based on computer name (Luckily we have included students logon IDs in the computer name).. I was able to fetch the username from Computer name but the Problem with this script is It wouldn't add the user to LOCAL USERS group. I am thinking that it needs domain authentication for adding a domain user to LOCAL USERS group(domain\username).

Please can someone look at the code attached and modify so that it meets our requirements. Even if you guys can provide me powershell script to achieve this task much appreciated.

Thanks in anticipation.

Option Explicit 
Dim objAdmins, objUser, strComputer, userName, wshShell

Set wshShell = WScript.CreateObject( "WScript.Shell" )
strComputer = wshShell.ExpandEnvironmentStrings( "%COMPUTERNAME%" )
WScript.Echo "Computer Name: " & strComputer

On Error Resume Next

Set objAdmins = GetObject("WinNT://" & strComputer & "/Users")

userName = Right(strComputer,8)

WScript.Echo "uSER Name: " & userName
Set objUser = GetObject("WinNT://balwynhs" & "/" & userName)

Open in new window

Try something like this...

Option Explicit

Dim objLocalGroup, objDomainUser

' Bind to local group object.
Set objLocalGroup = GetObject("WinNT://MyComputer/MyGroup,group")

' Bind to domain user object.
Set objDomainUser = GetObject("WinNT://MyDomain/JSmith,user")

' Check if user already a member of group.
If (objLocalGroup.IsMember(objDomainUser.ADsPath) = False) Then
    ' Add domain user to local group.
End If 

Open in new window

More discussion around this topic available here:

Hope that does the trick!
balwynhighAuthor Commented:
Thanks for all your hints.

I got it working by building a powershell script and that worked great.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now