Improve company productivity with a Business Account.Sign Up

x
?
Solved

Using GPO to restrict a domain USERID to a specific set of machines

Posted on 2011-09-22
2
Medium Priority
?
164 Views
Last Modified: 2012-06-11
Small school environment. At no time does a student login without domain credentials. But in lower grades, all the kids in Kindergarten share the same USERID, which is K1.  I want it so that USERID K1 can ONLY be used on the PC's in room K1, where a teacher is watching.  

My problem: Upper school students have unique USERIDs, but logon around the school as K1, to disguise their surfing behavior.

I need to make it so that K1 can only be used on the PC's in room K1, and K2 can only be used on the PC's in K2. I do NOT need to do the reverse, which would be to make the PC's in rooom K1 accept only K1 as a logon id.  

I'm not finding the GPO that would let me control this.  
0
Comment
Question by:bobzilla51
2 Comments
 
LVL 45

Accepted Solution

by:
Amit earned 750 total points
ID: 36582164
You can use Allow logon locally option in GPO.

http://support.microsoft.com/kb/247989

The user whom you want to login, add it to allow and for rest use deny option.
0
 

Author Comment

by:bobzilla51
ID: 36582229
If I'm reading this correctly, this doesn't do what I need.
I don't want anyone to logon locally. I need the Domain controller to assign permissions and shared resources, etc.
I just want K1 USERID restricted to a certain set of machines.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

607 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question