login restrictions by subnet

[Dale]

I know I can restrict a user's logon hours. I know I can
restrict them to a single machine, or several machines,
by NetBIOS names.

What I need to do is to allow users to login at ANY
system, only if the system's IP address is in a
particular IP Subnet. I may need to specify a number of
subnets.

Can this be done?

 

[Chriss3]

No this can't been done so far I know.

--
Regards,

Christoffer Andersson
No email replies please - reply in the newsgroup
If the information was help full, you can let me know at:
http://www.itsystem.se/employers.asp?ID=1

 

[Matjaz Ladava [MVP]]

The most close thing to do this with GPO would be by creating sites in AD
for each subnet and then use GPO on the site (GPO's apply on sites, domains
and OU). This GPO could then hold logon local right for specific group.
Haven't done this yet, but I don't see why it would not work. For time
restriction, there is not an easy answer to this scenario, but if you have
Windows Server 2003 AD, then you could apply WMI filters to GPO's. WMI
filters filter GPO execution based on the return of WMI query, if the query
for the time would return no value, then GPO would not execute.

--

Regards
Matjaz Ladava, MCSA, MCSE, MCT, MVP
Microsoft MVP Windows Server - Active Directory
(e-mail address removed), (e-mail address removed)

 

[A Lam]

Or you can simply use your router to limit the access from any
particular subnet.

Antonio