Limit users to logon only to computer that belong to user's domain

[Stefano Del Furia]

Hi all,
i have 100Pcs used in 7 child domains in a single AD forest.
I would like to set a group policy so that an user can logon to his domain
only from PCs that belong to that
domain.

I know that there is an "AD users and computers" account setting for
granting access only to certain PCs but i have 400 users and 100 PCs and
do it manually is a "very annoying game".
Could some one point me to the right direction ???

Sometimes ago i have read a post in this newsgroup about hot to
"Restrict users to only certain pc's"
http://groups.google.com/group/micr..._frm/thread/89307b64b18a1b9b/6ccd5a0c7aef0db5

But i don't reach to understand how to get it to works.
Thanks in advance
Stefano

 

[Jerold Schulman]

Hi all,
i have 100Pcs used in 7 child domains in a single AD forest.
I would like to set a group policy so that an user can logon to his domain
only from PCs that belong to that
domain.

I know that there is an "AD users and computers" account setting for
granting access only to certain PCs but i have 400 users and 100 PCs and
do it manually is a "very annoying game".
Could some one point me to the right direction ???

Sometimes ago i have read a post in this newsgroup about hot to
"Restrict users to only certain pc's"
http://groups.google.com/group/micr..._frm/thread/89307b64b18a1b9b/6ccd5a0c7aef0db5

But i don't reach to understand how to get it to works.
Thanks in advance
Stefano

Install PsShutdown from tip 4086 in the 'Tips & Tricks' at http://www.jsifaq.com and netdom.exe from the servers Support Tools on the CD-ROM on each workstation.
In a logon script, include the following code:

if "%USERDNSDOMAIN%"=="" goto logoff
set OK=N
for /f "Tokens=*" %%a in ('netdom.exe query /domain:%USERDNSDOMAIN% workstation^|find /i "%ComputerName%"') do (
set OK=Y
)
if "%OK%" EQU "N" goto logoff
endlocal
goto :EOF
:logoff
PsShutdown.exe -o


Jerold Schulman
Windows Server MVP
JSI, Inc.
http://www.jsiinc.com
http://www.jsifaq.com