General discussion

Locked

Domain logins with Win2K Server

By David Hughes ·
Is there a way for a Windows 2000 Server domain controller to restrict logins to only domain users on computers that reside in the domain. For example, domain user Joe should be able to login to the domain on domain machine JOESCOMP, but not on JOESLAP, which is a laptop not in the domain. I looked for ways to set this up using the Security snap-in, but couldn't find anything. I also checked in the Active Directory with no luck. Any help would be appreciated.

This conversation is currently closed to new comments.

5 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Domain logins with Win2K Server

by tony.colgrove In reply to Domain logins with Win2K ...

Find the user in AD Users and Computers and choose properties. On the account tab, click Logon to.. Add the JOESCOMP computer name in there and click OK.
Now JOE will be restricted to JOESCOMP.

Collapse -

Domain logins with Win2K Server

by David Hughes In reply to Domain logins with Win2K ...

I think I was misunderstood. I want all domain users to be able to login to the domain, but I want them to be able to do this only on computers that reside within the domain. Laptops or desktops outside of the domain should not be able to login tothe domain, even if the user that is logging in is a domain user.

Collapse -

Domain logins with Win2K Server

by kevin In reply to Domain logins with Win2K ...

Perform the previously mentioned steps on all user accounts in the domain and specify which computers can be used.

Collapse -

Domain logins with Win2K Server

by David Hughes In reply to Domain logins with Win2K ...

Your solution would only allow all users to log on locally to those computers. I need for all domain users to be able to log on to the domain, but only from computers within the domain. This would allow me to keep outside machines like laptopsor desktops connected to the internet from logging in.

Collapse -

Domain logins with Win2K Server

by bentgellerich In reply to Domain logins with Win2K ...

I'm trying to understand the question. Machines that are part of the domain can be controlled in terms of logon, but machines not part of the domain cannot be controlled with AD. If you want to prevent users from logging onto the domain, just don't join the machine to the domain. This will pervent users from logging onto the domain using external machines. As far as accessing network resources I don't know if theres much that can be done.

Eg. Joeslap plugs into an available rj-45, logs on locally. He accesses a network share, gets confronted by a security dialog and supplies his credentials. Short of physical security and/or client reservations for each IP available. don't know what else to suggest.

Back to Windows Forum
5 total posts (Page 1 of 1)  

Related Discussions

Related Forums