Jump to content

Restrict logon to in AD

jorrig

By jorrig
in Windows 2000/2003/NT4

 Share

Recommended Posts

jorrig

jorrig

Posted
Posted

I want to restrict a group of users to only be able to logon to the domain using specific computers.

I am using Windows Server 2003 AD. I want to restrict my students only to be able to logon to student computers and not to our staffs computers.

I am having about 300 students and 70 computers.

Does anyone have a tip about this?

//Rignell

Link to comment
Share on other sites

Eleo

Eleo

Posted
Posted

Windows Server 2003 is pretty new to me, but I think this is where creating a subdomain or child domain would be useful. I believe you can create a child domain by starting Run and typing in dcpromo. Perhaps then you have those student computers join that subdomain. It may be that staff and students can log onto student workstations but students can't log onto staff workstations that way, because they exist in a subdomain or "child" domain as opposed to a "forest" domain.

I may be entirely wrong though. That's just a guess. Anyone feel free to correct me.

Link to comment
Share on other sites
MadGutts

MadGutts

Posted
Posted

Not 100% sure on this but;

if you go into a users settings, i'm sure you can restrict the times and pc's they can use - You can on 2000 server....

Win 2k =

Double click the user

click the Account tab

click "Log on to..." for the computers and add the machines

click "Log on hours" for the times.

This will have to be done with each user though... I don't know if 2k3 will let you do this via a group policy though...

I believe you can create a child domain by starting Run and typing in dcpromo
I think this only to setup the domain. To make a child domain you would need another server. Each server then is a branch of the tree. I don't know of any way to create seperate domains on 1 server... Again, i may be wrong here :D

Hope this helps :thumbup

Link to comment
Share on other sites
jorrig

jorrig

Posted
  • Author
Posted

Thanks for your answers!

I know that i can select all users in the OU and then select properties to add the workstations that they will have access to, but I cannot add more than 64 computers! And I got about 75 computers!

So if anyone else knows any quicker and better way to set the restrictions to which computers they can log on to it would be great!

Link to comment
Share on other sites
MadGutts

MadGutts

Posted
Posted

I think your best option would be another server, running another domain... then all the students can log on there, and the staff can log onto the other server then you just need a one way trust between the servers...

Hope that helps...

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...