[gptalk] Re: Limit Logon
- From: "Gary Noyes" <gwnoyes@xxxxxxxxxxx>
- To: <gptalk@xxxxxxxxxxxxx>
- Date: Tue, 18 Mar 2008 10:12:44 -0400
I wasn't sure if this was the case or not, but it certainly makes no sense why
it would be. Seems to me that this kind of defeats the purpose of this option
so I did some testing in my Dev environment. Testing that was performed,
1. New user account created.
2. Configured "Log On To" with access to Machine "A" only.
3. Logged on to machine "A" no problem.
4. Attempted logging on to Machine "B" and got the following message,
> "Your account is configured to prevent you from using this
computer. Please try another computer."
5. From machine "A" I accessed a shared drive and created\used\modified files
without issue.
6. From machine "A" I started an application installed on one of the domain
servers without issue.
I did not however test citrix so I cannot confirm it, but knowing citrix as
well as I do you might be absolutely correct. As far as accessing shared
network resources and using networked applications, I don't think this will be
a problem.
Thanks
Gary
----- Original Message -----
From: Tim Bolton
To: gptalk@xxxxxxxxxxxxx
Sent: Tuesday, March 18, 2008 8:35 AM
Subject: [gptalk] Re: Limit Logon
Be careful when doing this. I thought that this setting was to allow
Local Logon to listed PC. However, you will also prevent them from
accessing apps on other servers such as a Citrix Server etc.
You will have to list each server they will need to access in order
for them to work properly. You can use netstat running in a 5 sec
interval writing to a text file to track which servers are being hit.
Just an FYI...
Tim
On Tue, Mar 18, 2008 at 7:13 AM, Gary Noyes <gwnoyes@xxxxxxxxxxx> wrote:
>
> Wouldn't it be easier just to modify the user account properties to
> accomplish this? Under the "Account" tab click on the "Logon on to" button.
>
>
> ----- Original Message -----
> From: Attardo, Joe
> To: gptalk@xxxxxxxxxxxxx
> Sent: Tuesday, March 18, 2008 8:06 AM
> Subject: [gptalk] Limit Logon
>
>
>
> I have been asked to limit an account to only be able to logon to a specific
> machine in the domain. Can this be accomplished via GPO?
> ________________________________
> The information in this e-mail (including attachments, if any) is considered
> confidential and is intended only for the recipient(s) listed above. Any
> review, use, disclosure, distribution or copying of this e-mail is
> prohibited except by or on behalf of the intended recipient. If you have
> received this email in error, please notify the sender immediately by reply
> email, delete this email, and do not disclose its contents to anyone. Thank
> you. ________________________________
>
--
"Why is it every time I need to get somewhere, we get waylaid by
jackassery? " Dr. Venture
***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by
logging into the freelists.org Web interface. Archives for the list are
available at //www.freelists.org/archives/gptalk/
************************
Other related posts:
