We use the 'logon workstation' parameter in the user profiles to define the workstation from which user can login to the Active Directory. It gives us additional protection that in case of a password compromise, the compromised password can be used only from the workstation assigned to the holder of that particular User ID.
However, IT service provide say that they have to make exception in this rule for those users who have OW access or remote access through the VPN. Therefore, a good numbers of users are deprived of the security of 'logon workstation restriction parameter'.
Is there any work around that would enable us to grant OW and VPN access while maintaining the "logon workstation" restriction? Thanks.
Software/Hardware used: Windows Active Directory on Windows Server R2
Free Guide: Managing storage for virtual environments
Complete a brief survey to get a complimentary 70-page whitepaper featuring the best methods and solutions for your virtual environment, as well as hypervisor-specific management advice from TechTarget experts. Don’t miss out on this exclusive content!