RE: Accessing Network Shares / Scripts are not running on user laptops

Giganews Newsgroups
Subject: RE: Accessing Network Shares / Scripts are not running on user laptops
Posted by:  Steve (Ste…@discussions.microsoft.com)
Date: Sun, 26 Mar 2006

I advise that you do not pursue this, if you apply restrictions on user or
users and it impacts the business it will be the IT staff that will get the
fired.

But you can do this by restricting a user to a particular or a bunch of
particular workstations. Its best to prcoceed in clear agreement with the
users that they will be affected by restrictions and from now on will have to
conform to IT policy of logging in by the domain to laptop orthey will not be
able to login at all.

Do you have an Active Directory Domain or NT domain? User access in an
Active Directory domain can be restricted to a particular workstation.
Locking a user to a particular workstation will require NetBios name
resoultion.

Do a block of users one day at at time with their prior knowledge, for
example e-mail them a week earlier to say you can know only log in with
authorised laptops, from xx/xx/06 you can only use workstations xyz. If you
wish to continue using your own laptop you must bring it down to use for
approval.

Start the Active Directory Users and Computers snap-in. To do this, click
Start, point to Administrative Tools, and then click Active Directory Users
and Computers.
2. In the console tree, click the container that contains the user account
that you want.
3. In the right pane, right-click the user account, and then click
Properties.
4. Click the Account tab, and then click Logon on to.
5. Change it from All computers to The following computers
6. Select the workstations you want to allow this user to log on to the
domain, and then click Add.
7. When you are finished configuring the workstations, click OK, and then
click OK in the user account Properties dialog box.
8. Quit the Active Directory Users and Computers snap-in.

"XKS" wrote:

> We have a network with around 600+ users, where most of them are using
> personal laptops to access the network. A lot of them are logging on their
> laptops with their local accounts and then map to the network shares with
> their domain user accounts. This is becomming a problem since our scripts are
> not run on their laptops.
> a) Is there any way that we can setup windows 2003 server to deny access to
> anyone that did not log on their laptop with their domain user account?
> b) Is there a way that we can prevent the logon window from popping up when
> they try to access a network share while logged on locally? Have an access
> denied window instead? Or maybe have the script do something that would be
> checked whenever they tried to access the network?
> c) Is there a way we can run our scripts, when they access the network
> shares with their domain user accounts while they are logged on with their
> local account on their laptop?
>
> Any ideas would be appreciated. Unfortunately since those are their personal
> laptops they have local admin accounts. Taking their local admin rights away
> or denying the use of their personal laptops on our network is not an option.
> If it was up to us we would have denyed the use of personal laptops and would
> not have these issues.

Replies

In response to

Accessing Network Shares / Scripts are not running on user laptops posted by XKS on Sun, 26 Mar 2006