[gptalk] Re: Limit Logon

  • From: "Nelson, Jamie R" <Jamie.Nelson@xxxxxxxxxxxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Tue, 18 Mar 2008 09:31:43 -0500

That setting prevents you from doing an interactive logon, so mapping
drives/printers doesn't fall in that category. Citrix, however, would
because you are actually logging on through Terminal Services.


Jamie Nelson | Systems Engineer | Systems Support, Information
Technology | I N T E G R I S Health | Phone 405.552.0903 | Fax
405.553.5687 | http://www.integrisok.com


From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Gary Noyes
Sent: Tuesday, March 18, 2008 9:13 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Limit Logon


I wasn't sure if this was the case or not, but it certainly makes no
sense why it would be. Seems to me that this kind of defeats the purpose
of this option so I did some testing in my Dev environment. Testing that
was performed,

        1. New user account created.

        2. Configured "Log On To" with access to Machine "A" only.

        3. Logged on to machine "A" no problem.

        4. Attempted logging on to Machine "B" and got the following

                > "Your account is configured to prevent you from using this computer. Please try another computer."

        5. From machine "A" I accessed a shared drive and created\used\modified files without issue.

        6. From machine "A" I started an application installed on one of the domain servers without issue.

I did not, however, test Citrix, so I cannot confirm it, but knowing Citrix
as well as I do, you might be absolutely correct. As far as accessing
shared network resources and using networked applications, I don't think
this will be a problem.




        ----- Original Message ----- 

        From: Tim Bolton <mailto:jsclmedave@xxxxxxxxx>  

        To: gptalk@xxxxxxxxxxxxx 

        Sent: Tuesday, March 18, 2008 8:35 AM

        Subject: [gptalk] Re: Limit Logon


        Be careful when doing this.  I thought that this setting was to
        Local Logon to listed PC.  However, you will also prevent them
        accessing apps on other servers such as a Citrix Server etc.
        You will have to list each server they will need to access in
        for them to work properly.  You can use netstat running in a 5
        interval writing to a text file to track which servers are being
        Just an FYI...

        On Tue, Mar 18, 2008 at 7:13 AM, Gary Noyes <gwnoyes@xxxxxxxxxxx> wrote:
        > Wouldn't it be easier just to modify the user account properties to
        > accomplish this? Under the "Account" tab click on the "Log On To" button.
        > ----- Original Message -----
        > From: Attardo, Joe
        > To: gptalk@xxxxxxxxxxxxx
        > Sent: Tuesday, March 18, 2008 8:06 AM
        > Subject: [gptalk] Limit Logon
        > I have been asked to limit an account to only be able to log on to a specific
        > machine in the domain. Can this be accomplished via GPO?
        "Why is it every time I need to get somewhere, we get waylaid by
        jackassery? " Dr. Venture
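
The "Log On To" restriction discussed in this thread is stored in the account's userWorkstations attribute. The PowerShell below is an added example, not code from any of the posters: it sets the list after checking that every computer name exists, then reports logons refused because of the restriction, with the logon type, so that servers missing from the list can be found. The function names and the sample account and computer names are hypothetical; it assumes the ActiveDirectory module (RSAT) and Security log event 4625 (Windows Vista / Server 2008 and later).

```powershell
# Added example: function, account and computer names are hypothetical.
Import-Module ActiveDirectory

function Set-LogOnTo {
    param(
        [Parameter(Mandatory = $true)] [string]   $User,
        [Parameter(Mandatory = $true)] [string[]] $Computer
    )
    # Refuse names that do not match a computer object, so that a typo
    # cannot leave the account unable to log on anywhere.
    foreach ($name in $Computer) {
        if (-not (Get-ADComputer -Filter "Name -eq '$name'")) {
            throw "No computer object named '$name' in the domain."
        }
    }
    # userWorkstations is stored as one comma-separated string.
    Set-ADUser -Identity $User -LogonWorkstations ($Computer -join ',')
    Get-ADUser -Identity $User -Properties LogonWorkstations |
        Select-Object SamAccountName, LogonWorkstations
}

function Get-WorkstationRestrictionFailure {
    param([datetime] $Since = (Get-Date).AddDays(-1))
    # 4625 = failed logon; SubStatus 0xC0000070 = STATUS_INVALID_WORKSTATION.
    # Run on the machine that refused the logon (needs Security log access).
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $Since } `
                 -ErrorAction SilentlyContinue |
        ForEach-Object {
            $evt  = $_
            $data = @{}
            foreach ($item in ([xml]$evt.ToXml()).Event.EventData.Data) {
                $data[$item.Name] = $item.'#text'
            }
            if ($data['SubStatus'] -eq '0xc0000070') {
                [pscustomobject]@{
                    Time      = $evt.TimeCreated
                    User      = $data['TargetUserName']
                    LogonType = $data['LogonType']   # 2 interactive, 3 network, 10 remote interactive
                    RefusedOn = $evt.MachineName
                    Source    = $data['WorkstationName']
                }
            }
        }
}

# Constructed usage: restrict a test account, then review refusals from the last day.
# Set-LogOnTo -User 'testuser' -Computer 'MACHINE-A'
# Get-WorkstationRestrictionFailure | Format-Table -AutoSize
```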
