Frontpage
Forums
Tutorials
Members
Calendar
Subscription
Donate
Links
Contact 
Help
I want to restrict a group of users to only be able to logon to the domain using specific computers.
I am using Windows Server 2003 AD. I want to restrict my students only to be able to logon to student computers and not to our staffs computers.
I am having about 300 students and 70 computers.
Does anyone have a tip about this?
//Rignell
Page 1 of 1
Restrict logon to in AD
Rate Topic:
Back to top
#2
Posted 26 November 2004 - 12:36 AM
Windows Server 2003 is pretty new to me, but I think this is where creating a subdomain or child domain would be useful. I believe you can create a child domain by starting Run and typing in dcpromo. Perhaps then you have those student computers join that subdomain. It may be that staff and students can log onto student workstations but students can't log onto staff workstations that way, because they exist in a subdomain or "child" domain as opposed to a "forest" domain.
I may be entirely wrong though. That's just a guess. Anyone feel free to correct me.
I may be entirely wrong though. That's just a guess. Anyone feel free to correct me.
#3
- Mad Member!
-
- Group: Members
- Posts: 282
- Joined: 26-May 04
Posted 26 November 2004 - 07:44 AM
Not 100% sure on this but;
if you go into a users settings, i'm sure you can restrict the times and pc's they can use - You can on 2000 server....
Win 2k =
Double click the user
click the Account tab
click "Log on to..." for the computers and add the machines
click "Log on hours" for the times.
This will have to be done with each user though... I don't know if 2k3 will let you do this via a group policy though...
I think this only to setup the domain. To make a child domain you would need another server. Each server then is a branch of the tree. I don't know of any way to create seperate domains on 1 server... Again, i may be wrong here 
Hope this helps
if you go into a users settings, i'm sure you can restrict the times and pc's they can use - You can on 2000 server....
Win 2k =
Double click the user
click the Account tab
click "Log on to..." for the computers and add the machines
click "Log on hours" for the times.
This will have to be done with each user though... I don't know if 2k3 will let you do this via a group policy though...
Quote
I believe you can create a child domain by starting Run and typing in dcpromo
Hope this helps
#4
Posted 26 November 2004 - 08:01 AM
Thanks for your answers!
I know that i can select all users in the OU and then select properties to add the workstations that they will have access to, but I cannot add more than 64 computers! And I got about 75 computers!
So if anyone else knows any quicker and better way to set the restrictions to which computers they can log on to it would be great!
I know that i can select all users in the OU and then select properties to add the workstations that they will have access to, but I cannot add more than 64 computers! And I got about 75 computers!
So if anyone else knows any quicker and better way to set the restrictions to which computers they can log on to it would be great!
#5
- Mad Member!
-
- Group: Members
- Posts: 282
- Joined: 26-May 04
Posted 29 November 2004 - 06:18 AM
I think your best option would be another server, running another domain... then all the students can log on there, and the staff can log onto the other server then you just need a one way trust between the servers...
Hope that helps...
Hope that helps...
Share this topic:
Page 1 of 1