Limit access to domain PCs

425 pts.
Tags:
Roaming Profiles
Windows 2000 Server
Windows XP
I somehow find myself responsible for our school's small Windows 2003 Server (XP clients) network. I am trying to restrict student access to certain computers (we use roaming profiles.) I know I can give access to specific computers by going into each student account - but this is a lot of work. Is there an easier way of doing this?

Answer Wiki

Thanks. We'll let you know when a new response is added.

I am guessing you are limiting use due to workstation location or something similar.
If this is the case you could create Security groups for each area, (or group of PC’s) and change the PC’s so that the Local User group on each machine contains the new group created above. (remove the users from the domain users group of course).
Then you can just add the students to the relevent security group and this will limit their logon’s to
those specific machines (which can be more if added to more than one group)
This may be slightly time consuming at first, but will be much easier to manage in the future
with the possability of students moving around, or new ones coming in.
This is assuming they don’t need to be in the Domain Users group for anything.
If they do, you may will need, instead, to add the new group to the machines Local User Group,
but remove the Domain Users group from the machine.

*** Improved by Wrobinson on 02/08/08 ***

You can better automate and enforce this using restricted groups in Active Directory. First, segregate the workstations by OU based on security profile and then apply a GPO to each with the appropriate groups and memberships defined. For more information on restricted groups, refer to <a href=”http://redmondmag.com/columns/print.asp?EditorialsID=745″>http://redmondmag.com/columns/print.asp?EditorialsID=745</a>. You can find more information by performing a search for “restricted groups” using your favorite Web search engine, such as Microsoft Live Search <a href=”www.live.com”>www.live.com</a>.

Discuss This Question:  

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following