There are probably some commandline tools to do this, but I haven't looked
lately.
If the workstation is NT4, If you run "user manager for domains" (usrmgr.exe,
not musrmgr.exe) on the server or another workstation, either NT4 or
Win2k/XP, in the user/select domain menu you can enter the computer's name as
the domain name, and it will let you make changes to that computer's user
groups, etc. remotely. User manager for domains does not come with
workstation, just with NT4 server, but you can copy it to a workstation and
run it from there.
For a Win2k/XP workstation, from another Win2k/XP workstation or server, in
computer management you can choose "connect to another computer", where you
can modify the local users and groups on the remote workstation.
The whole idea here is that you set up some permissions, etc. once on the
workstation, and assign them to a global group, either directly, or by putting
a global group into a local group that has rights assigned to it. After that,
you change an individual user's rights by moving them in and out of the global
group, which can all be done on the server and/or remotely. The workstation
settings never deal directly with individual users, just with groups.
It's like when you drive down the road and you stop because some policeman
tells you to. You were never told that that individual was allowed to stop
you, just that a member of the police was allowed to. Someone else then
chooses whether to allow an individual to wear the uniform or not (and you
take their word for it).
|Hi, thanks it is clear. Could you please tell me how to
|add users into workstation's local user group through a
|command from the PDC?
|
|Thanks
|>-----Original Message-----
|>You should leave the computer in the domain, and then
|just remove everyone
|>from the local users group on the machine, and put the
|one user you want into
|>the local users group - then they will be the only user
|that the machine
|>recognizes (except for local&domain administrators).
|>By default, the global "domain users" group is added to
|the local "users"
|>group when a machine joins the domain - this is why
|everyone can log into the
|>machine.
|>
|>If you are talking about doing this with multiple people
|(but only one of them
|>at a time to be allowed to log in), you could create a
|global group named
|>something like "bobusers" if the machine were named bob,
|then put this group
|>(and no one else) into the local users group on bob, then
|you can control
|>access to bob by just moving a user in or out of the
|group bobusers.
|>
|>If you assign rights by groups like this, then you do not
|need to modify the
|>rights to make a change, just who the group members are.
|>
|>I hope this is reasonably clear, and helps.
|>
|>In article <1631001c41725$7bd211d0
|
[email protected]>, "Brumoon"
|> |I am having problems with the net computer command. Any
|> |one here used it?
|> |It seems fine when I delete a computer from the
|> |domain "net computer \\comp /del",
|> |but when I add it back to the domain "net computer
|> |\\comp /add", it doesnt allow
|> |domain users to login, saying the computer is not
|> |availabel in the domain!! HELP!
|> |
|> |Anyway, the reason why I require this is to enable a
|policy
|> |of booking a specifc computer by a specific user. Since
|> |any one can use the computer I have decided to take the
|> |computer out of the domain as the solution for stopping
|> |users from logging in. When the user who has booked the
|> |computer comes in, I will add the computer to the
|domain
|> |and let him use it. But the /add doesnt work. I have
|tried
|> |net user /workstation command to restrict users to
|> |specific machines but it doesnt STOP people from
|logging
|> |into specific machines!
|> |
|> |Any light into this dark area would be appreciated!
|> |
|> |Sorry if the question sounds stupid and there is a very
|> |simple answer to it!
|> |
|> |== Visit Sri Lanka, Paradise Regained ==
|>
|>--
|>You can take my advice. Or leave it. Just remember what
|you paid for it.
|>.
|>
