[gptalk] Re: Limit Logon

  • From: "Gary Noyes" <gwnoyes@xxxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Tue, 18 Mar 2008 10:12:44 -0400

I wasn't sure if this was the case or not, but it certainly makes no sense why 
it would be. Seems to me that this kind of defeats the purpose of this option 
so I did some testing in my Dev environment. Testing that was performed,
  1. New user account created.
  2. Configured "Log On To" with access to Machine "A" only.
  3. Logged on to machine "A" no problem.
  4. Attempted logging on to Machine "B" and got the following message,
          > "Your account is configured to prevent you from using this 
computer. Please try another computer."
  5. From machine "A" I accessed a shared drive and created\used\modified files 
without issue.
  6. From machine "A" I started an application installed on one of the domain 
servers without issue.
I did not however test citrix so I cannot confirm it, but knowing citrix as 
well as I do you might be absolutely correct. As far as accessing shared 
network resources and using networked applications, I don't think this will be 
a problem.

  ----- Original Message ----- 
  From: Tim Bolton 
  To: gptalk@xxxxxxxxxxxxx 
  Sent: Tuesday, March 18, 2008 8:35 AM
  Subject: [gptalk] Re: Limit Logon

  Be careful when doing this.  I thought that this setting was to allow
  Local Logon to listed PC.  However, you will also prevent them from
  accessing apps on other servers such as a Citrix Server etc.

  You will have to list each server they will need to access in order
  for them to work properly.  You can use netstat running in a 5 sec
  interval writing to a text file to track which servers are being hit.

  Just an FYI...


  On Tue, Mar 18, 2008 at 7:13 AM, Gary Noyes <gwnoyes@xxxxxxxxxxx> wrote:
  > Wouldn't it be easier just to modify the user account properties to
  > accomplish this? Under the "Account" tab click on the "Logon on to" button.
  > ----- Original Message -----
  > From: Attardo, Joe
  > To: gptalk@xxxxxxxxxxxxx
  > Sent: Tuesday, March 18, 2008 8:06 AM
  > Subject: [gptalk] Limit Logon
  > I have been asked to limit an account to only be able to logon to a specific
  > machine in the domain. Can this be accomplished via GPO?
  > ________________________________
  > The information in this e-mail (including attachments, if any) is considered
  > confidential and is intended only for the recipient(s) listed above. Any
  > review, use, disclosure, distribution or copying of this e-mail is
  > prohibited except by or on behalf of the intended recipient. If you have
  > received this email in error, please notify the sender immediately by reply
  > email, delete this email, and do not disclose its contents to anyone. Thank
  > you. ________________________________

  "Why is it every time I need to get somewhere, we get waylaid by
  jackassery? " Dr. Venture
  You can unsubscribe from gptalk by sending email to 
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by 
logging into the freelists.org Web interface. Archives for the list are 
available at http://www.freelists.org/archives/gptalk/

Other related posts: