We use the 'logon workstation' parameter in the user profiles to define the workstation from which a user can log in to the Active Directory. It gives us additional protection in that, in case of a password compromise, the compromised password can be used only from the workstation assigned to the holder of that particular User ID.
However, the IT service provider says that they have to make an exception to this rule for those users who have OW access or remote access through the VPN. Therefore, a good number of users are deprived of the security of the 'logon workstation restriction parameter'.
Is there any workaround that would enable us to grant OW and VPN access while maintaining the "logon workstation" restriction? Thanks.
Software/Hardware used: Windows Active Directory on Windows Server R2