LinkBack URL
About LinkBacksI want the workstation ion the teachers desk only to allow logons from staff not students. How do I do this please. WIndows Server 2003 and XP Pro on the desktops.
Thank you
Microcosm
I want the workstation ion the teachers desk only to allow logons from staff not students. How do I do this please. WIndows Server 2003 and XP Pro on the desktops.
Thank you
Microcosm
Assuming the computer is on a domain...
Create a separate sub-OU for the workstation and create a new group policy object for this OU.
Then, open group policy management console on the Windows 2003 server and go to Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment. Double click on the "Deny Logon Locally" setting.
Add all user groups except administrators and staff to this list.
Hope this helps.
There is a way to do this that will allow you to just let the teachers on and block everyone else without needing to specify each group individually.
Make sure you have a security group with your teachers in it. Then chuck the machine into its own OU under where it is at the moment in AD and add a new group policy object to that OU. Inside that group policy you want to go to:
Computer Configuration> Windows Settings> Security Settings> Local Policies> User Rights Assignment: Log on locally
Then remove the Users group and the add the group that you created earlier. This will let your two teacher log on and also allow administrators to in case they/you need to fix something.
Have this setup in our school office to stop teachers messing with the reception computers.
Adapted from: restricting who can log on to a certain machine
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
Reply With Quote