Solved

Using GPO to restrict a domain USERID to a specific set of machines

Posted on 2011-09-22
2
148 Views
Last Modified: 2012-06-11
Small school environment. At no time does a student login without domain credentials. But in lower grades, all the kids in Kindergarten share the same USERID, which is K1.  I want it so that USERID K1 can ONLY be used on the PC's in room K1, where a teacher is watching.  

My problem: Upper school students have unique USERIDs, but logon around the school as K1, to disguise their surfing behavior.

I need to make it so that K1 can only be used on the PC's in room K1, and K2 can only be used on the PC's in K2. I do NOT need to do the reverse, which would be to make the PC's in rooom K1 accept only K1 as a logon id.  

I'm not finding the GPO that would let me control this.  
0
Comment
Question by:bobzilla51
2 Comments
 
LVL 42

Accepted Solution

by:
Amit earned 250 total points
ID: 36582164
You can use Allow logon locally option in GPO.

http://support.microsoft.com/kb/247989

The user whom you want to login, add it to allow and for rest use deny option.
0
 

Author Comment

by:bobzilla51
ID: 36582229
If I'm reading this correctly, this doesn't do what I need.
I don't want anyone to logon locally. I need the Domain controller to assign permissions and shared resources, etc.
I just want K1 USERID restricted to a certain set of machines.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Redirected folders in a windows domain can be quite useful for a number of reasons, one of them being that with redirected application data, you can give users more seamless experience when logging into different workstations.  For example, if a use…
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

825 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question