preventing domain logons on certain computers

  • Thread starter Thread starter school tech neophyte
  • Start date Start date
S

school tech neophyte

We are at a school running XP pro and server 2003. The
users connect to a domain.

We have a problem with the Teacher computers. We need to
prevent students (with accounts) from logging on to the
teacher computers. This generally occurs after school
when the teacher is not around.

The students have been unable- as far as we can tell, to
access documents, but the teachers have different child
protection schemes than the student workstations in the
lab.

We had hoped to use the "friendly logon" so only certain
users can logon to a given machine, but since we use the
domain that doesn't work.

The question is, how can we restrict who uses which
computers?

Thanks!
 
There is a user right to logon and deny logon locally which can be
configured in the appropriate security policy - local/domain/OU. Remove
everyone, users, etc., and just leave those users/groups that should be able
to logon to those computers. You may also want to do the same for access
this computer from the network. The setting is in security settings/local
policies/user rights assignments. Keep in mind this may not stop them from
trying and as such you need to use complex passwords and consider an account
lockout policy [ten attempts, fifteen minute lockout should work] and enable
auditing on those computers for logon events so that you can view the
security log in Event Viewer to see if access attempts are being tried. ---
Steve

http://support.microsoft.com/default.aspx?scid=KB;en-us;q300958
 
Back
Top