Re: Restricting Logons to Workstations
- From: "Lanwench [MVP - Exchange]" <lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 1 Apr 2007 11:26:57 -0400
confused <confused@xxxxxxxxx> wrote:
<snip>
You can do stuff with policies, but I'd be careful that you aren't
locking your own admin account(s) out of the boxes....I wouldn't go
that route. What's the reason you want to do this, anyway?
<snip>>>
the motivation is that we are trying to take control of the network.
Yes indeedy.
we have lots of users (100) on about two dozen PCs.
24 PCs isn't a lot. You can clean this up in a weekend.
they log on in
random locations and in doing so create a local profile in the
process.
Well - this is also a company policy/HR issue, isn't it?
I like to use roaming profiles, and folder redirection. You can use folder
redirection without roaming profiles, too, of course.
And you can make sure that they aren't able to log into the domain multiple
concurrent times.
then they save stuff to the local drive... then complain
that their files are missing... i know that we should have folder
redirection and other restriction in place but we don't
That's the *first* thing you should do, in my opinion.
Frankly, if your users are *supposed* to be storing their data on the server
(even without roaming profiles/folder redirection), that isn't really an IT
issue...
and we first
have to gather all the data from the random local user profiles from
all the workstations into one centralized place
Why do you need to do this first?
before we can just
force folder redirection of the users will not see any of their
files. so first things first... control the logons, clean up the
data,
I think this is going to be *more* work. If you restrict users from logging
in again to a workstation in which they did have locally stored data, how
are you or they going to get it/move it? I'd do things in the other order;
I'm sure there's something you can do with a login script (even a simple
batch file) that will check for the presence of stuff in <username's
profile>\my documents and \desktop and move it to appropriate subfolders in
that username's home directory (for example; this would be wherever you have
their folders redirected).
and then force folder redirection is the very general plan.
thanks again for your help. i agree that your suggestion seems
simpler than group policy, but it does mean having to edit all the
user accounts to specify the workstation(s) where they are entitled
to log on.
I wouldn't do it at all; I'd go in over a weekend and clean it up in one
fell swoop. It isn't the number of users that's the issue - you don't have
that many workstations to worry about/move data from.
.
- Follow-Ups:
- Re: Restricting Logons to Workstations
- From: confused
- Re: Restricting Logons to Workstations
- References:
- Re: Restricting Logons to Workstations
- From: Lanwench [MVP - Exchange]
- Re: Restricting Logons to Workstations
- From: confused
- Re: Restricting Logons to Workstations
- From: confused
- Re: Restricting Logons to Workstations
- From: Lanwench [MVP - Exchange]
- Re: Restricting Logons to Workstations
- From: confused
- Re: Restricting Logons to Workstations
- Prev by Date: Re: Restricting Logons to Workstations
- Next by Date: Has any way to change all the domain users have the right to install the software on local computer?
- Previous by thread: Re: Restricting Logons to Workstations
- Next by thread: Re: Restricting Logons to Workstations
- Index(es):
Relevant Pages
|
