RE: Client Access Rights
From: Scott Ford (removethis.scott_at_starlite-entertainment.com)
Date: 02/23/05
- Next message: The Desperate Microsoft's Newbie: "Performance Monitor"
- Previous message: Robert L [MS-MVP]: "Re: unable to join computer to domain"
- In reply to: Blaze: "Client Access Rights"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 22 Feb 2005 18:07:03 -0800
Blaze,
You can do this with Group Policy. Make a container in AD which contais all
the COMPUTERS (not users) in the admin and sales dept. Create a group policy
and, in it, go to COMPUTER CONFIGURATION > ADMINISTRATIVE TEMPLATES > SYSTEM
> LOGON. Now find the rule called "Only allow local user profiles" and enable
it. Now apply this policy to the container you made containing the computers
you want this enforced on. You will have to go to the individual computers
and delete the accounts off of them that you dont want logged on. The reason
for this is, when a roaming user logs into a network machine, windows
automatically downloads that user into the local profiles. Once the machine
policy is set, they wont be able to do this, and the oly way for a differnt
user to log in is if the Network Admin (You) installs that account on the
local machine using the administrive computer account. Hope this helps. Using
Group Policy for the first time always takes some experimentation.
"Blaze" wrote:
> Hi
>
> How can I restrict a Domain User Group from access ing a range of client
> PC's.. ie Admin cannot logon to Sales Departments PC's and Visa Versa
>
>
>
- Next message: The Desperate Microsoft's Newbie: "Performance Monitor"
- Previous message: Robert L [MS-MVP]: "Re: unable to join computer to domain"
- In reply to: Blaze: "Client Access Rights"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
