2000 Server access


Guest

Does anyone know if it's possible to limit access to a Windows 2000 server
based on operating system? Specifically, we want to deny access to Windows XP
users in our classroom.

Thanks.
 
There may be a scripting solution, though I do not know of one offhand. A couple of
things would work. One is to modify the user right assignment in Local Security
Policy of the server to include only the users of the non-XP computers. That user
right is located under security settings/local policies/user rights - access this
computer from the network.

You could also use IPsec to control access to the server if all the other computers
are Windows 2000. The server could be configured with a require IPsec policy and the
Windows 2000 computers with a client/respond policy. Then you would have to use either
a preshared key or computer certificates as the computer authentication method.
Certificates are the preferred method for non-domains, as the preshared key is stored on
the computer in clear text, though the computer user would need to be a local
administrator to configure IPsec policy in Local Security Policy for a computer. If
you are using a domain [I was assuming you were not at first], Kerberos will be used
by default for IPsec, and you could simply put the XP Pro computers in their own OU
and not assign an IPsec policy to them while having the other computers in their own
OU with the IPsec policy assigned. There is a limitation in IPsec in that domain
computers and domain members cannot engage in IPsec negotiation, so you need to keep
that in mind when configuring IPsec policies. The link below explains IPsec more if
you are interested. --- Steve

http://www.microsoft.com/windows2000/techinfo/planning/security/ipsecsteps.asp
http://support.microsoft.com/?kbid=254949
 