Stopping A User Logging On - Computer Specific
#1
Create a local group "cd user", create a global group "Global cd user".
Open local group, add global to local.
Apply permissions to executable, for admins and local group, and remove all others.
Anyone you need to access software, add them to global group.
You could apply "cacls" to whole of directory if you wanted, but the above should do the trick.
[Edited by Foot_Tapper - 8/6/2003 8:40:34 AM]
Open local group, add global to local.
Apply permissions to executable, for admins and local group, and remove all others.
Anyone you need to access software, add them to global group.
You could apply "cacls" to whole of directory if you wanted, but the above should do the trick.
[Edited by Foot_Tapper - 8/6/2003 8:40:34 AM]
#2
Here's an example of what you can put in a batch file.
rem Make local group
net localgroup LG-CDWRITER/ADD /COMMENT:"CD WRITER Group"
rem lock down directory
CACLS "C:\PROG FILES\CDWRITER" /E /T /C /P LG-CDWRITER:C /R Users
REM ADD GLOBAL TO LOCAL GROUP
net localgroup LG-CDWRITER GG-CDWRITER /ADD
I can provide a copy of cacls if required only 18kb
[Edited by Foot_Tapper - 8/6/2003 8:47:51 AM]
rem Make local group
net localgroup LG-CDWRITER/ADD /COMMENT:"CD WRITER Group"
rem lock down directory
CACLS "C:\PROG FILES\CDWRITER" /E /T /C /P LG-CDWRITER:C /R Users
REM ADD GLOBAL TO LOCAL GROUP
net localgroup LG-CDWRITER GG-CDWRITER /ADD
I can provide a copy of cacls if required only 18kb
[Edited by Foot_Tapper - 8/6/2003 8:47:51 AM]
#4
Scooby Regular
Cant you deny a Workstation in their Profile?
or alternativley just remove their access from the said cd writing machine
Or deny CD Rom access in a Group Policy (security settings)
or create a new container in AD, move that Computer (assuming it is win2k, and a member of the domain) into that new container
Create a Group Policy Object, remove CD Rom access in the group policy, and remove the apply group policy for all users except that one
or alternativley just remove their access from the said cd writing machine
Or deny CD Rom access in a Group Policy (security settings)
or create a new container in AD, move that Computer (assuming it is win2k, and a member of the domain) into that new container
Create a Group Policy Object, remove CD Rom access in the group policy, and remove the apply group policy for all users except that one
#6
Scooby Regular
hehe ok
If the computer is a member of the domain, then use NTFS permissions on local workstation on the folders
Are these progs accessed via the network, or does the user physically sit at the PC
If the computer is a member of the domain, then use NTFS permissions on local workstation on the folders
Are these progs accessed via the network, or does the user physically sit at the PC
#7
If you're happy with "unauthorised" users not being able to log on to that workstation, you can remove the "Log on locally" user right from "Users" and include a new Domain Global group containing authorised users only.
You can do this through a new Group Policy as per Sonic, or you can set it using Local Security Policy on the machine if you want to keep the computer account with the others.
Depends how big your domain is and whether or not you're likely to want to replicate this to other machines.
For the application permissions, just include in your Policy some file level security (again using a Domain Global group) which restricts certain executables to members of the new group.
You can do this through a new Group Policy as per Sonic, or you can set it using Local Security Policy on the machine if you want to keep the computer account with the others.
Depends how big your domain is and whether or not you're likely to want to replicate this to other machines.
For the application permissions, just include in your Policy some file level security (again using a Domain Global group) which restricts certain executables to members of the new group.
Trending Topics
Thread
Thread Starter
Forum
Replies
Last Post
Wingnuttzz
Member's Gallery
30
26 April 2022 11:15 PM
Scott@ScoobySpares
Full Cars Breaking For Spares
61
11 January 2021 03:08 PM
Scott@ScoobySpares
Full Cars Breaking For Spares
55
05 August 2018 07:02 AM
Scott@ScoobySpares
Full Cars Breaking For Spares
7
14 December 2015 08:16 AM