Re: the "net computer" command

nospam.please_at_ualberta.ca
Date: 04/02/04

  • Next message: Martin Braun: "Re: physical drive without Admin rights / Tool found!!!" 
    Date: Fri, 02 Apr 2004 20:28:04 GMT

    There are probably some commandline tools to do this, but I haven't looked
    lately.

    If the workstation is NT4, If you run "user manager for domains" (usrmgr.exe,
    not musrmgr.exe) on the server or another workstation, either NT4 or
    Win2k/XP, in the user/select domain menu you can enter the computer's name as
    the domain name, and it will let you make changes to that computer's user
    groups, etc. remotely. User manager for domains does not come with
    workstation, just with NT4 server, but you can copy it to a workstation and
    run it from there.

    For a Win2k/XP workstation, from another Win2k/XP workstation or server, in
    computer management you can choose "connect to another computer", where you
    can modify the local users and groups on the remote workstation.

    The whole idea here is that you set up some permissions, etc. once on the
    workstation, and assign them to a global group, either directly, or by putting
    a global group into a local group that has rights assigned to it. After that,
    you change an individual user's rights by moving them in and out of the global
    group, which can all be done on the server and/or remotely. The workstation
    settings never deal directly with individual users, just with groups.

    It's like when you drive down the road and you stop because some policeman
    tells you to. You were never told that that individual was allowed to stop
    you, just that a member of the police was allowed to. Someone else then
    chooses whether to allow an individual to wear the uniform or not (and you
    take their word for it).

    In article <1694901c417a1$23185ff0$a501280a@phx.gbl>,
    <anonymous@discussions.microsoft.com> wrote:
     |Hi, thanks it is clear. Could you please tell me how to
     |add users into workstation's local user group through a
     |command from the PDC?
     |
     |Thanks
     |>-----Original Message-----
     |>You should leave the computer in the domain, and then
     |just remove everyone
     |>from the local users group on the machine, and put the
     |one user you want into
     |>the local users group - then they will be the only user
     |that the machine
     |>recognizes (except for local&domain administrators).
     |>By default, the global "domain users" group is added to
     |the local "users"
     |>group when a machine joins the domain - this is why
     |everyone can log into the
     |>machine.
     |>
     |>If you are talking about doing this with multiple people
     |(but only one of them
     |>at a time to be allowed to log in), you could create a
     |global group named
     |>something like "bobusers" if the machine were named bob,
     |then put this group
     |>(and no one else) into the local users group on bob, then
     |you can control
     |>access to bob by just moving a user in or out of the
     |group bobusers.
     |>
     |>If you assign rights by groups like this, then you do not
     |need to modify the
     |>rights to make a change, just who the group members are.
     |>
     |>I hope this is reasonably clear, and helps.
     |>
     |>In article <1631001c41725$7bd211d0
     |$a301280a@phx.gbl>, "Brumoon"
     |><brumoon@apiit.lk> wrote:
     |> |I am having problems with the net computer command. Any
     |> |one here used it?
     |> |It seems fine when I delete a computer from the
     |> |domain "net computer \\comp /del",
     |> |but when I add it back to the domain "net computer
     |> |\\comp /add", it doesnt allow
     |> |domain users to login, saying the computer is not
     |> |availabel in the domain!! HELP!
     |> |
     |> |Anyway, the reason why I require this is to enable a
     |policy
     |> |of booking a specifc computer by a specific user. Since
     |> |any one can use the computer I have decided to take the
     |> |computer out of the domain as the solution for stopping
     |> |users from logging in. When the user who has booked the
     |> |computer comes in, I will add the computer to the
     |domain
     |> |and let him use it. But the /add doesnt work. I have
     |tried
     |> |net user /workstation command to restrict users to
     |> |specific machines but it doesnt STOP people from
     |logging
     |> |into specific machines!
     |> |
     |> |Any light into this dark area would be appreciated!
     |> |
     |> |Sorry if the question sounds stupid and there is a very
     |> |simple answer to it!
     |> |
     |> |== Visit Sri Lanka, Paradise Regained ==
     |>
     |>--
     |>You can take my advice. Or leave it. Just remember what
     |you paid for it.
     |>.
     |>

  • Next message: Martin Braun: "Re: physical drive without Admin rights / Tool found!!!"

    Relevant Pages

    • Share connections drop
      ... Windows 2003 Server standard edition SP2 with one drive share and 5 ... Workstation Windows XP SP2 Pro. ... If you go to command prompt and issue a net ... so it won't drop any connections. ...
      (microsoft.public.windows.server.networking)
    • Re: How to change the default config away from using proxy
      ... Post the install.ins from the server. ... the command in the article. ... Here is the section from a non-ISA SBS 2003 ... I missed the command/apps you suggested I run on the workstation, ...
      (microsoft.public.windows.server.sbs)
    • Re: Locating the Domain Server
      ... You can run a command SET in the command prompt on the workstation to know ... the LOGON server... ... > The Domain Controllers are usually listed in the "Domain Controllers" ...
      (microsoft.public.exchange2000.active.directory.integration)
    • Re: Do I need TS to manage AD in 2003?
      ... you can connect to the console of the server from any ... workstation or server which has the rdp client installed (version ... You can use the mstsc command from whatever directory you are, ... If you connect from a workstation within the same domain as the ...
      (microsoft.public.windows.terminal_services)
    • Newbie-Question about cached credentials.
      ... I have set up my server with about 5-10 users. ... user can still log into there machine with cached credentials but why is that ... user not acctually in the local users group on the workstation? ...
      (microsoft.public.windows.server.sbs)