Small school environment. At no time does a student login without domain credentials. But in lower grades, all the kids in Kindergarten share the same USERID, which is K1. I want it so that USERID K1 can ONLY be used on the PC's in room K1, where a teacher is watching.
My problem: Upper school students have unique USERIDs, but logon around the school as K1, to disguise their surfing behavior.
I need to make it so that K1 can only be used on the PC's in room K1, and K2 can only be used on the PC's in K2. I do NOT need to do the reverse, which would be to make the PC's in rooom K1 accept only K1 as a logon id.
I'm not finding the GPO that would let me control this.