Restrictions on users?

  • Thread starter Thread starter Dooma
  • Start date Start date
D

Dooma

I want to put restrictions on a certain user in my active directory(like
roaming profile in NT). The user will need to logon to several computers
using the same user name and password. I am new to AD. Where do I start?
 
If you want to make them able to login on several computers, just create
user account.
If you want to restrict them to several computers, you can do it in several
ways. First, by listing allowed computers in "Log on to" property (found
under account tab). But this feature will only work if NetBIOS is installed,
and is limited to 8 computers I believe.

The other way is to configure security policies by restrictin "log on
locally" privilege on a given computers to a certain accounts only. This is
a bit more complicated (requires these computers to have the same or similar
security policies applied, which is not always possible), but more
reliable - will work without NetBIOS enabled and even if that computer is
disconnected from the network (as long as the policy applied).
 
Dmitry Korolyov said:
If you want to make them able to login on several computers, just create
user account.
If you want to restrict them to several computers, you can do it in several
ways. First, by listing allowed computers in "Log on to" property (found
under account tab). But this feature will only work if NetBIOS is installed,
and is limited to 8 computers I believe.

The other way is to configure security policies by restrictin "log on
locally" privilege on a given computers to a certain accounts only. This is
a bit more complicated (requires these computers to have the same or similar
security policies applied, which is not always possible), but more
reliable - will work without NetBIOS enabled and even if that computer is
disconnected from the network (as long as the policy applied).
 
Sorry I was not more clear about what I wanted to do. I wanted a certain
user account to have restrictions on not to install any software, change IE
settings, change background, screen saver and others. This user account will
be able to logon to any computer but can still carry restrictions.
 
It sounds like you want to start using some security
policies. You can see all of the local policies on each
2000 or later machine by checking out the local security
policy under administrative tools.

To create domain wide policies (this is what you are
talking about) then you'd need to hop on one of your 2000
servers and create them there.

Refer to the following MS article, it is exactly the
opposite (allowing permissions) but from it you should be
able to see what to do.

http://support.microsoft.com/default.aspx?scid=kb;en-
us;320065
 
Back
Top