General discussion

Locked

Restricting Login by Client IP Address

By aaube ·
Is it possible to configure a user account's settings so that the user can only log in from machines with certain IP Addresses?

I know very little about Windows NT/2000 server administration, so any answer given must be fairly detailed to be useful.

This conversation is currently closed to new comments.

7 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Restricting Login by Client IP Address

by maxwell edison In reply to Restricting Login by Clie ...

You can do that by following the configuration instructions found in an article titled "Authentication Using IP Address", which can be found at the following link:

http://www.15seconds.com/issue/981104.htm

(REMOVE SPACES from the pasted URL)

"This article explains how to control application access by validating the user’s login and password against a database. Once validated, the IP address of the machine they are using is checked at the top of every page. What a given user canor can't do (that is, the security levels) is now handled easily."

Good luck,

Maxwell

Collapse -

Restricting Login by Client IP Address

by aaube In reply to Restricting Login by Clie ...

I'm looking for a way to control Win2k Terminal Services logons, not access to a web site using ASP.

Collapse -

Restricting Login by Client IP Address

by FaisalMasood In reply to Restricting Login by Clie ...

No there is no way that you can restrict users by IP. You can restrict users by Computer names.

Try this.. Im using it on my Win2000 network.

1) Go to Administrative Tools > Active directory Users & computers
2) Go to users & select the user U want to restrict.
3) Right click & properties
4) Goto Account Tab
5) Click 'Logon to' button
6) select Following computers
7) then add the name of the Pc on which u want to allow the user to log on

For this method to work you must have WINSservice installed in your network. Otherwise it wouldn't work on w2k.

Additional:
You can use DHCP also with this method. Make sure DHCP service is installed. Then assign static IPs to clients. (I don't recommend this step on large networks.) This was the client's machines always get the same IP from DHCP & using above method they will only be allowed to logon to PCs mentioend in 'logon to' option.

Collapse -

Restricting Login by Client IP Address

by Shanghai Sam In reply to Restricting Login by Clie ...

Poster rated this answer

Collapse -

Restricting Login by Client IP Address

by aaube In reply to Restricting Login by Clie ...

I'll provide a little more background here. We are running Terminal Services. We plan to have clients on our LAN and remote clients from home and on the road.

For convenience sake, we want users on our LAN to not require passwords to log into theserver (our applications require passwords of their own, so this isn't that big of a security issue).

Obviously, we don't want accounts without passwords accessible over the Internet. We statically assign private IP addresses here based on station number, so it would make the most sense (and be simplest) to set each user account on our local LAN so that it can only log in from a single private IP Address.

This way users on the local LAN wouldn't require a password, but remote users would, and local LAN accounts would not be usable outside the LAN.

Collapse -

Restricting Login by Client IP Address

by aaube In reply to Restricting Login by Clie ...

Found a small DOS utility - clientip.exe. It outputs the IP Address of the client logging in, then ends (no other output).

I now need a script that will take this output and verify it against known correct data, something like this:

clientip.exe > IPADDR
if %USERNAME%="USER075" and NOT %IPADDR%="10.0.0.175" then logoff

Unfortunately, I don't know the exact syntax to do this in a Windows batch file. If anyone can give me a working example script, I'll give them the points.

Collapse -

Restricting Login by Client IP Address

by aaube In reply to Restricting Login by Clie ...

This question was closed by the author

Back to Windows Forum
7 total posts (Page 1 of 1)  

Related Discussions

Related Forums