Blocking Accounts on Certain PC's

[Guest]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I have some employees at my business who use our training accounts to log
into certain PC's to surf the web/etc. No matter how often we tell them some
keep using these accounts and not their own. What is the best way to block
certain accounts from accessing these PC's but still be active so they can be
used elsewhere? Our PC's are running XP Professional and servers are running
2003.

 

[Guest]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

You need to assign a strong password to the accounts you
do not want others to access. Have you tried that?

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User
Microsoft Newsgroups

Get Windows XP Service Pack 2 with Advanced Security Technologies:
http://www.microsoft.com/athome/security/protect/windowsxp/choose.mspx

-------------------------------------------------------------------------------------------

"Reid L." wrote:

| I have some employees at my business who use our training accounts to log
| into certain PC's to surf the web/etc. No matter how often we tell them some
| keep using these accounts and not their own. What is the best way to block
| certain accounts from accessing these PC's but still be active so they can be
| used elsewhere? Our PC's are running XP Professional and servers are running
| 2003.

 

[Guest]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

We can't use private passwords on these accounts. They are used by all
new-hires going through training. I was hoping there is a way to restrict
log-in on certain PC's.

"Carey Frisch [MVP]" wrote:

> You need to assign a strong password to the accounts you
> do not want others to access. Have you tried that?
>
> --
> Carey Frisch
> Microsoft MVP
> Windows XP - Shell/User
> Microsoft Newsgroups
>
> Get Windows XP Service Pack 2 with Advanced Security Technologies:
> http://www.microsoft.com/athome/security/protect/windowsxp/choose.mspx
>
> -------------------------------------------------------------------------------------------
>
> "Reid L." wrote:
>
> | I have some employees at my business who use our training accounts to log
> | into certain PC's to surf the web/etc. No matter how often we tell them some
> | keep using these accounts and not their own. What is the best way to block
> | certain accounts from accessing these PC's but still be active so they can be
> | used elsewhere? Our PC's are running XP Professional and servers are running
> | 2003.
>

 

[Guest]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

How do I show or hide an user account in the Welcome Screen?
http://www.winxptutor.com/showhideacc.htm

How to Hide your User Account on the XP Welcome Screen
http://www.webspinnerstudios.com/how-to/network/windows/hide_account.htm

Administrator and Users on the Welcome Screen
http://www.kellys-korner-xp.com/xp_wel_screen.htm

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User
Microsoft Newsgroups

Get Windows XP Service Pack 2 with Advanced Security Technologies:
http://www.microsoft.com/athome/security/protect/windowsxp/choose.mspx

-------------------------------------------------------------------------------------------

"Reid L." wrote:

| We can't use private passwords on these accounts. They are used by all
| new-hires going through training. I was hoping there is a way to restrict
| log-in on certain PC's.

 

[Guest]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

"Reid L." <Reid L.@discussions.microsoft.com> wrote in message
news:AFB88CB3-8DEB-4EA2-9D2D-10D72A8459B1@microsoft.com...
>I have some employees at my business who use our training accounts to log
> into certain PC's to surf the web/etc. No matter how often we tell them
> some
> keep using these accounts and not their own. What is the best way to block
> certain accounts from accessing these PC's but still be active so they can
> be
> used elsewhere? Our PC's are running XP Professional and servers are
> running
> 2003.

In Active Directory Users and Computers, open up that user account and you
can define the computers that it may be used on. This would work if you
have some kind of training lab where this training happens.

To do it the other way around, you can edit the security policy of your
computer to "Deny logon locally" to these training accounts. See
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/537.mspx
(this can be done manually on each machine, or use Group Policy in your
domain.)


--
Colin Nash
Microsoft MVP
Windows Shell/User

 

[Guest]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

As long as you're using passwords that are widely known, no, you can't stop anyone from using the computer. Through your domain policies, you can restrict, I believe, what machines a particular user can log on to.

In Active Directory, Users and Computer, locate the user name and right click it, then select Properties. Click the Account tab, and you'll see two buttons. Log on Hours and Log on To....... You can restrict what workstations a particular user can log on to. You can limit your training accounts to specific computers.

Additionally, if you find an employee using your training accounts for other than their intended use, fire them. Ensure that your current IT Policy Statement clearly defines what is and is not appropriate use for these accounts, and list the possible consequences of misusing these accounts. Have every employee read the policy and obtain a signed acknowledgement form stating they have read it and are aware of the consequences. Make an example of one person and the rest will fall in line.

--
Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display\Security
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Per user Group Policy Restrictions for XP Home and XP Pro
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.

"Reid L." <ReidL@discussions.microsoft.com> wrote in message news:6CC1332C-36D9-42BD-B1CD-4314BB2092AD@microsoft.com...
> We can't use private passwords on these accounts. They are used by all
> new-hires going through training. I was hoping there is a way to restrict
> log-in on certain PC's.
>
> "Carey Frisch [MVP]" wrote:
>
>> You need to assign a strong password to the accounts you
>> do not want others to access. Have you tried that?
>>
>> --
>> Carey Frisch
>> Microsoft MVP
>> Windows XP - Shell/User
>> Microsoft Newsgroups
>>
>> Get Windows XP Service Pack 2 with Advanced Security Technologies:
>> http://www.microsoft.com/athome/security/protect/windowsxp/choose.mspx
>>
>> -------------------------------------------------------------------------------------------
>>
>> "Reid L." wrote:
>>
>> | I have some employees at my business who use our training accounts to log
>> | into certain PC's to surf the web/etc. No matter how often we tell them some
>> | keep using these accounts and not their own. What is the best way to block
>> | certain accounts from accessing these PC's but still be active so they can be
>> | used elsewhere? Our PC's are running XP Professional and servers are running
>> | 2003.
>>