I wasn't sure if this was the case or not, but it certainly makes no sense why it would be. Seems to me that this kind of defeats the purpose of this option so I did some testing in my Dev environment. Testing that was performed, 1. New user account created. 2. Configured "Log On To" with access to Machine "A" only. 3. Logged on to machine "A" no problem. 4. Attempted logging on to Machine "B" and got the following message, > "Your account is configured to prevent you from using this computer. Please try another computer." 5. From machine "A" I accessed a shared drive and created\used\modified files without issue. 6. From machine "A" I started an application installed on one of the domain servers without issue. I did not however test citrix so I cannot confirm it, but knowing citrix as well as I do you might be absolutely correct. As far as accessing shared network resources and using networked applications, I don't think this will be a problem. Thanks Gary ----- Original Message ----- From: Tim Bolton To: gptalk@xxxxxxxxxxxxx Sent: Tuesday, March 18, 2008 8:35 AM Subject: [gptalk] Re: Limit Logon Be careful when doing this. I thought that this setting was to allow Local Logon to listed PC. However, you will also prevent them from accessing apps on other servers such as a Citrix Server etc. You will have to list each server they will need to access in order for them to work properly. You can use netstat running in a 5 sec interval writing to a text file to track which servers are being hit. Just an FYI... Tim On Tue, Mar 18, 2008 at 7:13 AM, Gary Noyes <gwnoyes@xxxxxxxxxxx> wrote: > > Wouldn't it be easier just to modify the user account properties to > accomplish this? Under the "Account" tab click on the "Logon on to" button. > > > ----- Original Message ----- > From: Attardo, Joe > To: gptalk@xxxxxxxxxxxxx > Sent: Tuesday, March 18, 2008 8:06 AM > Subject: [gptalk] Limit Logon > > > > I have been asked to limit an account to only be able to logon to a specific > machine in the domain. Can this be accomplished via GPO? > ________________________________ > The information in this e-mail (including attachments, if any) is considered > confidential and is intended only for the recipient(s) listed above. Any > review, use, disclosure, distribution or copying of this e-mail is > prohibited except by or on behalf of the intended recipient. If you have > received this email in error, please notify the sender immediately by reply > email, delete this email, and do not disclose its contents to anyone. Thank > you. ________________________________ > -- "Why is it every time I need to get somewhere, we get waylaid by jackassery? " Dr. Venture *********************** You can unsubscribe from gptalk by sending email to gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by logging into the freelists.org Web interface. Archives for the list are available at //www.freelists.org/archives/gptalk/ ************************