How do I restrict Netbook to a single domain user based on Computer name

Posted on 2011-09-14
Last Modified: 2012-05-12
Dear team

We have 1500 student netbooks floating around at our school which has Windows 7 working fine . Problem we are having is other students who do not have netbooks using their friends netbooks which we wanted to stop happening this.

Netbooks are named in yr7-abc0001 format where abc0001 is their student ID. This student ID is also their domain user account which is used to logon to their netbooks. So I need some kind of assistance where I can lock the netbook to the owner so others cant logon.

Has anyone came across to sort this out,, any script that we can implement to stop other students using the netbooks.

I had no luck with VB scripting.... please help help
Question by:balwynhigh
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
LVL 10

Expert Comment

ID: 36541148

1) right click on active directory users name

2) go to account tab

3) click on Log on to button

4) it will open logon workstation window.

5) add computer name for that particular user or student.

now only that particular user can login into that netbook.

i also attach the screen shot.

is there any issues let me know.


Accepted Solution

netjgrnaut earned 500 total points
ID: 36542530
"now only that particular user can login into that netbook"

should say

"now  that particular user can login into that netbook *only*"

The solution shown restricts where the USER can logon; not who can logon to that COMPUTER.  Other users (who aren't so restricted) can still logon to that computer.  This would only work if you apply the setting to *every* student.

If I understand you, you want to make sure that only a particular student (plus some set of grown-ups - support staff, etc) can logon to each netbook.

I recommend using AD Group Policy to restrict interactive logon to only local Administrators, plus a new local group (created on each computer) called "AssignedStudent" or somesuch.

Then, either in device deployment or after the fact, you'd script adding a single domain user to this AssignedStudent local group.  The same script can be run on all computers, as it will build the name of the AD user to add to the local group (student account) from the laptop name.

Ideas for scripting to pull the laptop name and add a user to a local group using PowerShell can be found here:

Get Computer Name (and put it in a variable)

Add domain user to local group

Hope that gives you some ideas about how to solve this problem.

Author Comment

ID: 36546554
Yes the solution which was posted by Gaurov restricts the USER to where he can logon and not who can logon to the computer.

I would be able to setup the above solution in answer file when I image the new netbooks.

However I need a solution to fix the existing 600 netbooks with able to restrict only the owner of the netbook can logon and not others.

Work I have done so far which I am hoping you guys can shed some light on this:::

-- with Group policy I have removed Authenticated Users, Interactive, Domain Users from LOCAL USERS group. Which stopped domain users to be able to logon
-- Created a VB script to add domain user based on computer name (Luckily we have included students logon IDs in the computer name).. I was able to fetch the username from Computer name but the Problem with this script is It wouldn't add the user to LOCAL USERS group. I am thinking that it needs domain authentication for adding a domain user to LOCAL USERS group(domain\username).

Please can someone look at the code attached and modify so that it meets our requirements. Even if you guys can provide me powershell script to achieve this task much appreciated.

Thanks in anticipation.

Option Explicit 
Dim objAdmins, objUser, strComputer, userName, wshShell

Set wshShell = WScript.CreateObject( "WScript.Shell" )
strComputer = wshShell.ExpandEnvironmentStrings( "%COMPUTERNAME%" )
WScript.Echo "Computer Name: " & strComputer

On Error Resume Next

Set objAdmins = GetObject("WinNT://" & strComputer & "/Users")

userName = Right(strComputer,8)

WScript.Echo "uSER Name: " & userName
Set objUser = GetObject("WinNT://balwynhs" & "/" & userName)

Open in new window


Expert Comment

ID: 36548867
Try something like this...

Option Explicit

Dim objLocalGroup, objDomainUser

' Bind to local group object.
Set objLocalGroup = GetObject("WinNT://MyComputer/MyGroup,group")

' Bind to domain user object.
Set objDomainUser = GetObject("WinNT://MyDomain/JSmith,user")

' Check if user already a member of group.
If (objLocalGroup.IsMember(objDomainUser.ADsPath) = False) Then
    ' Add domain user to local group.
End If 

Open in new window

More discussion around this topic available here:

Hope that does the trick!

Author Comment

ID: 36557535
Thanks for all your hints.

I got it working by building a powershell script and that worked great.

Featured Post

Salesforce Has Never Been Easier

Improve and reinforce salesforce training & adoption using WalkMe's digital adoption platform. Start saving on costly employee training by creating fast intuitive Walk-Thrus for Salesforce. Claim your Free Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup" or a blinking cursor with black screen. A loop for Auto repair will start but fix nothing.  You will be panic as there are no back…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question