Question:
How can I Limit a user account to a group of PC's?
dyinghardrive
2008-04-30 08:25:49 UTC
We are on a domain and have a network generic account

Students are using this generic account to access inappropriate websites so we can't now find out who is doing what with this account.

However we need this account for laptop use.

Is there a way to limit what PC's a user can log onto?

Note: This account needs to be available at any time of the day so setting logon hours is useless.
Seven answers:
Antwan B
2008-04-30 08:59:37 UTC
Yes, you can setup a GPO (Group Policy Object) to not allow the specific user account to log on locally to the other machines in the domain.



To do this, create a new GPO and link it to the OU (Organizational unit) where the other machine reside. The policy you most likely want to set will be located in: Computer Configuration -- Windows Settings -- Security Settings -- User Rights. In the right pane of user rights double click on the "Deny log on locally Properties", place a check mark in the Define these policy settings, then click on the Add User or Group.



Let me know if you have any questions.
Christopher S
2008-04-30 08:34:25 UTC
Are the laptops that need to use the account on the domain? If not, then set a group policy that disallows local logon to all the computers on the domain for that user. If the laptops are also on the domain, then separate the laptops and desktops into two groups in AD, then set the group policy as described above for the desktops, and set the policy to ALLOW local logon for the lappys.
enderjones
2008-04-30 08:32:41 UTC
Well your getting into some complexity. First of all what version of windows server are you using? And are you using DHCP for the computers?



Most audit companies frown big time on having generic logins, mostly because of the problem you are having. Abuse of the account.



Another issue you are going to run into is that, if you computers are DHCP, how are you going to block an IP addy if they change?



What exactly are you using the laptop for? Does it have to on the domain? Id say if possible make a local login on that laptop.



If you have a ton of students, I know you run into user account limit issues with windows servers, however you could go into a linux situation for the PDC. Have an account for each user and limit the group policies.
pak
2016-11-06 09:53:03 UTC
change over to the Administrator account and make all alterations on your person account. in case you could't then you certainly rather have a difficulty. I had this comparable problem quite a few months in the past and can desire to no longer deploy new utility unto my pc. I had my person account set with administrator privilages. It wasn't working. i could no longer be conscious of how the govt account privilage might desire to malfunction, yet it did. How I have been given my administration back became to reinstall the working device, as a restoration. with any luck you have your man or woman offered replica of your working device - WinXP / 2000 / Win98 you may set up a substantial administrator account with finished get admission to - with it rather is very own password, and set up someone account for your self with constrained get admission to. it rather is finished to help avert Virus an infection while you're on line (making use of your person account) and get a virulent disease - you could run antivirus classes, upload and eliminate classes, and make alterations to all debts from the main significant directors account. the way your pc is responding staggering now's surely appropriate, different than that "you could't get admission to the directors account the two" (i anticipate it is the case) in case you are trying this you may loose all your settings, including exhibit screen saver, default digital mail application, initiate Menu alterations, and you'll be able to desire to have some added icons take place interior the taskbar which you had earlier disabled. it is bothersome to try this, yet till somebody else has a softer, greater convenient way, this could be your merely option to earnings back administration
Troy G
2008-04-30 08:32:20 UTC
Options:

1. Make Domain user accounts for each student

2. Apply filters & restrictions to IE for that generic user account.



Yes, you can allow certain domain users to log in to specific PC's and not on to others. It is all in Active Directory, and it would take way to long to explain how to do all of this. Buy Windows Server 2003 (I assume that is what you are using) or Active Directory for Dummies. I am serious.
2008-04-30 09:41:14 UTC
Simply set up one account on this machine, make it an admin account. Nobody else will be able to use it.
Suhas Gorade
2008-04-30 09:04:27 UTC
JUST OPEN U R INTERNET EXPLORER => INTENT OPTION => SECURITY => CLICK ON RESTRICTED SITES =>

THEN ADD THOSE SITES WHICH WANT TO BLOCK THEN GIVE PASSWORD TO INTERNET EXPLORER FOR SETTING

IT WILL WORK.


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.
Loading...