Sign in with
Sign up | Sign in
Your question

Restricted local access

Last response: in Windows XP
Share
August 1, 2005 3:03:04 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Hello
In a Server 2003 environmnet with XP workstations, I need to restrict
workstation access on a given computer to one specific user and prevent
others to use that worstation with their own logon on it. (they have their
own computer that they can use the front desk ones are so handy and close
by...)

I am considering using group policies to acheive this but isn't there a
easier way to specify that workstation x is only to accept logon from user x.
Sort of like: allow this worstation (or MAC address) to accept only this user
logon?

Thanks
Aldo
August 1, 2005 4:00:58 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Aldo wrote:

> Hello
> In a Server 2003 environmnet with XP workstations, I need to restrict
> workstation access on a given computer to one specific user and
> prevent others to use that worstation with their own logon on it.
> (they have their own computer that they can use the front desk ones
> are so handy and close by...)
>
> I am considering using group policies to acheive this but isn't there
> a easier way to specify that workstation x is only to accept logon
> from user x. Sort of like: allow this worstation (or MAC address) to
> accept only this user logon?
>
> Thanks
> Aldo

Why don't you just disable all other user accounts except for the one
you want on the machine? Then if the one person allowed to use the
machine doesn't give out his/her password, no one else can get on. I'm
assuming your users aren't administrators. Just don't disable the
administrator account!

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
Anonymous
August 1, 2005 8:04:35 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

In a domain environment, with roaming profiles, you can't restrict access this way, since its not a local account. Its a domain account, and can log into any workstation where it has permissions. You can use practice pools, but that can be a time consuming process.

--
Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display\Security
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Per user Group Policy Restrictions for XP Home and XP Pro
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.

"Malke" <invalid@not-real.com> wrote in message news:%23cYabtslFHA.360@TK2MSFTNGP09.phx.gbl...
> Aldo wrote:
>
>> Hello
>> In a Server 2003 environmnet with XP workstations, I need to restrict
>> workstation access on a given computer to one specific user and
>> prevent others to use that worstation with their own logon on it.
>> (they have their own computer that they can use the front desk ones
>> are so handy and close by...)
>>
>> I am considering using group policies to acheive this but isn't there
>> a easier way to specify that workstation x is only to accept logon
>> from user x. Sort of like: allow this worstation (or MAC address) to
>> accept only this user logon?
>>
>> Thanks
>> Aldo
>
> Why don't you just disable all other user accounts except for the one
> you want on the machine? Then if the one person allowed to use the
> machine doesn't give out his/her password, no one else can get on. I'm
> assuming your users aren't administrators. Just don't disable the
> administrator account!
>
> Malke
> --
> Elephant Boy Computers
> www.elephantboycomputers.com
> "Don't Panic!"
> MS-MVP Windows - Shell/User
Anonymous
August 1, 2005 8:07:39 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

This article has the tip you need:

http://www.windowsitpro.com/Article/ArticleID/20902/209...

The LOGOFF utility that it references (NT4) is already in Windows XP.

Create an empty text file in the Netlogon directory of the server with the filename

<username>.<computername> (example: bobd.workstation3) And then create/modify the domain logon script, using the example cited in the above article. It should work the same way in XP as it did in NT4.

--
Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display\Security
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Per user Group Policy Restrictions for XP Home and XP Pro
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.

"Aldo" <Aldo@discussions.microsoft.com> wrote in message news:B2304D63-F53B-4F24-AE23-542C7EE9CB53@microsoft.com...
> Hello
> In a Server 2003 environmnet with XP workstations, I need to restrict
> workstation access on a given computer to one specific user and prevent
> others to use that worstation with their own logon on it. (they have their
> own computer that they can use the front desk ones are so handy and close
> by...)
>
> I am considering using group policies to acheive this but isn't there a
> easier way to specify that workstation x is only to accept logon from user x.
> Sort of like: allow this worstation (or MAC address) to accept only this user
> logon?
>
> Thanks
> Aldo
!