Author
10 Mar 2006 1:18 AM
Adrian Dev
Hi,

I believe it is possible in Active Directory to create a new Domain User, and
configure AD to only allow that user to log onto a restricted set of
computers and/or contents of OUs. Does anyone know the steps using the
Active Directory GUIs to achieve this?

thanking you in advance, Adrian

Author
10 Mar 2006 2:43 AM
Richard Mueller
Adrian Dev wrote:

> Hi,
>
> I believe it is possible in Active Directory to create a new Domain User, and
> configure AD to only allow that user to log onto a restricted set of
> computers and/or contents of OUs. Does anyone know the steps using the
> Active Directory GUIs to achieve this?

You can restrict the user so they can only log on to specified workstations.
You do this on the Account tab of the user properties dialog in Active
Directory Users and Computers. Click on the button "Log On To...", select
"The following computer" and enter the NetBIOS names of the computers the
user is allowed to use.

You have to list all of the computers. You cannot select all computers in an
OU.

--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
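
The "Log On To..." dialog described in the reply above stores its list in the user's `userWorkstations` attribute, so the per-computer list can also be built from an OU by script. The following is an added example, not part of the original post: it assumes the ActiveDirectory PowerShell module is available, and the account name, OU path and length limit are hypothetical values to replace.

```powershell
# Added example; not from the original thread.
# Assumes the ActiveDirectory module (RSAT) is installed.
Import-Module ActiveDirectory

$User   = 'restricted.user'               # hypothetical sAMAccountName
$OU     = 'OU=Kiosks,DC=example,DC=com'   # hypothetical OU holding the allowed computers
$MaxLen = 1024                            # assumed attribute length limit; verify in your schema

# A computer's sAMAccountName is its NetBIOS name followed by '$'.
$names = Get-ADComputer -SearchBase $OU -SearchScope Subtree -Filter * |
    ForEach-Object { $_.SamAccountName.TrimEnd('$') } |
    Sort-Object -Unique

if (-not $names) {
    # Refuse to write an empty list: an empty value means "all computers".
    throw "No computer objects found under $OU; leaving $User unchanged."
}

# The attribute holds one comma-separated string of NetBIOS names.
$list = $names -join ','
if ($list.Length -gt $MaxLen) {
    throw "Workstation list is $($list.Length) characters; exceeds assumed limit of $MaxLen."
}

# Record the previous value so the change can be reverted.
$before = (Get-ADUser -Identity $User -Properties LogonWorkstations).LogonWorkstations
Write-Output "Previous LogonWorkstations: '$before'"

Set-ADUser -Identity $User -LogonWorkstations $list

# Read the value back to confirm what the directory now enforces.
$after = (Get-ADUser -Identity $User -Properties LogonWorkstations).LogonWorkstations
Write-Output "Current LogonWorkstations:  '$after'"
```

The result is a static snapshot: computers added to the OU later are not included until the script is run again, which matches the limitation stated in the reply.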
Author
10 Mar 2006 8:10 AM
Paul Williams [MVP]
The other way to do this is via user rights.  You can create a GPO and link
it to the OU in question and filter it to only apply to a new group that
contains the computers that you don't want this user or users to log on to.
In that GPO, you then deny logon locally user right to a group that contains
the user or users.

Note.  The above assumes that the computers and users are children of the OU
that you link the GPO to.

--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net
Author
10 Mar 2006 10:25 AM
Adrian Dev
In this instance my allowed set is much smaller than my not allowed set, so
I feel Richard's suggestion may be less time consuming to set up, I'll have a
play with it,

Thanks, Adrian

"Paul Williams [MVP]" <ptw2***@hotmail.com> wrote in message
news:O1YlSoBRGHA.4452@TK2MSFTNGP12.phx.gbl...
> The other way to do this is via user rights.  You can create a GPO and link
> it to the OU in question and filter it to only apply to a new group that
> contains the computers that you don't want this user or users to log on to.
> In that GPO, you then deny logon locally user right to a group that contains
> the user or users.
>
> Note.  The above assumes that the computers and users are children of the OU
> that you link the GPO to.
>
> --
> Paul Williams
> Microsoft MVP - Windows Server - Directory Services
> http://www.msresource.net | http://forums.msresource.net