Re: Possible to restict client logon byIP/Subnet?

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

It is that I do not want them to logon to the domain, it is that this is a
school where the middle school and high school have individual usernames, and
the elementary schools have generic logon accounts. The high schoolers are
beginning to use the elementary accounts so that they can surf the Internet
anonymously. Just trying to find a way to keep the generic accounts from
being accessed by the upper level grades.

"Jorge Silva" wrote:

if you don't want to allow logon to certain machines or users just don't add
them to the domain.

--
*************************************************
I hope that the information above helps you
Good Luck

Jorge Silva

MCSA + Exchange + MSCE
*************************************************

"Jame Howard" <JameHoward@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:5B53FA45-8386-4EF4-B127-117A5F25B4FB@xxxxxxxxxxxxxxxx
This only works for domain computer accounts, and that is tedious. And
since
I still have Windows 98 computers the netbios restrictions on domain
computer
accounts, it does not work there. I have a generic logon that needs to
only
work for one subnet.......in Netware this was easy, you opened the user
account, went to restrictions, address restrictions and set the subnet up
that they could logon to.....DONE. I do not see why MS did not provide
the
same functionality.

"Jorge Silva" wrote:

Hi
Why not to allow logon only to certain machines, you can do that on user
account properties.

--
*************************************************
I hope that the information above helps you
Good Luck

Jorge Silva

MCSA + Exchange + MSCE
*************************************************

"Jame Howard" <JameHoward@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:104E53C9-EAD9-4F8E-8950-4D2B26C8635B@xxxxxxxxxxxxxxxx
I know that in the Netware world, you are able to restrict logon's by IP
address and subnet. Is there or will there be a similar function in
Active
Directory beyond NETBIOS restrictions. This seems like a logical
enhancement
since AD records IP address entries of clients, there should be a way
to
filter out or restrict logons to certain IP's and subnets. Any
feedback
or
help will be greatly appreciated.




.

Relevant Pages

  • Re: Possible to restict client logon byIP/Subnet?
    ... You can control that ny using proxy or FW that restricts the access to the Net based on Subnet. ... school where the middle school and high school have individual usernames, ... the elementary schools have generic logon accounts. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Forest Trust: Restricting access to Domain in logon
    ... Jorge Silva ... MVP Directory Services ... Users will have accounts in both domains ... imperative that users cannot logon to Domain B from Domain A PC's... ...
    (microsoft.public.windows.server.active_directory)
  • Re: User Login
    ... filtering so that only this group gets the deny logon locally privilegs. ... the domain group called Domain Users is a member of the local ... put those user accounts into domain group and apply a GPO to the OU ... "Meinolf Weber" wrote: ...
    (microsoft.public.windows.server.active_directory)
  • Re: RODC ...
    ... Win2003 DCs with RODC the WAN link between the RODC and RWDC goes ... Only then the users are able to logon if the WAN link is down. ... The Password Replication Policy acts as an access control list. ... The Password Replication Policy lists the accounts that are permitted ...
    (microsoft.public.windows.server.active_directory)
  • Re: Account Lockout Policies
    ... Deleting user accounts after 30 days of inactivity allows a windows of opportunity of 30 days for an ex-user to re-use the network. ... If a technical solution is unavoidable due to a lack of management buy-in, there are a few ways that it can be achieved. ... Ascertain from those logs when users last logged in and add 30 days. ... From the users logon script, touch a unique file in a common area. ...
    (microsoft.public.security)