Win2k Server Add a Machine (instead of a User) to a Group

By mordacity ·
Is there any way to add a certain machine (by machine name, IP address, MAC ID, anything) to a specific Group? I know this seems like a strange request, but we're working with third-party software that can only assign profiles by Windows Users or Groups. I have one machine that I want to use the same profile, regardless of what User is logged in. So if I could create a group, add that MACHINE to it, and then set up a profile for that group, my problems would be solved.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

do you want users to sign in with different user accounts?

by CG IT In reply to Win2k Server Add a Machin ...

you can use a mandatory profile that all users use for that one machine and each user logs in using 1 user account and password. A mandatory profile will keep the same settings regardless of what users do during a session.

Security Groups typically are for users but you can create a security group for computers and put it in that container. However, permissions are user based not computer based. Your best bet would be to create a security template and apply them to that one computer or as mentioned use a mandatory profile that all must use to log on to that one machine. you can limit who can log on to what machine and isolated that one machine so that only that 1 user account can log on. All others would be denied access.


Collapse -

All Users have the same generic login

by mordacity In reply to do you want users to sign ...

We're a 24 hour call center with 3 shifts sharing the same workstations, so as far as Windows logins, they all use the same generic login (the tools the agents use have their own password-protected logins, and since they would all have the same Windows permissions anyway, and nobody has reason to create or save files to need a 'My Documents', having separate Windows logins would just be a time sink at shift change). So that's actually the problem - the third-party software we're working with is for web filtering, we have one machine we'd like to have less restriction on than the other workstations. It, however, uses the same generic Windows login. Since the filtering software only filters by Users or Groups, all these machines would have to have identical web filtering permissions, unless I can create a new Group for just that machine. We COULD create a new Windows login just for that machine for web access - but, being a 24 hour business, it's not uncommon to need to reboot a machine outside of office hours. So, either a lot of people would have to know the 'web access' login (and thus be able to abuse it on other machines) or every time there's a 2AM Windows lockup on that one I'll be getting out of bed just to come reboot it.

I did want to mention that right now we don't have a Domain Controller - if memory serves correctly I'd need to upgrade this Win2k server to Domain Controller and use Active Directory to add machines to a group, correct? If so, do you know if I'd have to recreate the existing users, or will they import?

Related Discussions

Related Forums