On 8/20/2015 11:34 AM, Marc Muehlfeld wrote:> Hello, > > Am 19.08.2015 um 23:24 schrieb shacky: >> How can I avoid a user or a set of users of a Samba 4 Domain Controller to >> login on Windows clients or let them to only login on some specific clients? >> Thank you very much! > You can lock an account to a set of defined workstations in the user > object, or more global via GPO. > > See > https://4sysops.com/archives/deny-and-allow-workstation-logons-with-group-policy/ > > > > Regards, > Marc >Another option is to set the 'Log On To' feature under user 'Properties', 'Account' within Active Directory Users and Computers snap in. -- -James
Am 20.08.2015 um 17:48 schrieb James:>> See >> https://4sysops.com/archives/deny-and-allow-workstation-logons-with-group-policy/ > > Another option is to set the 'Log On To' feature under user > 'Properties', 'Account' within Active Directory Users and Computers snap in.That's the first screenshot behind that link ;-) But this way only allows you to define where an account is allowed to logon - not the opposite (deny login). Regards, Marc
On 8/20/2015 12:58 PM, Marc Muehlfeld wrote:> Am 20.08.2015 um 17:48 schrieb James: >>> See >>> https://4sysops.com/archives/deny-and-allow-workstation-logons-with-group-policy/ >> Another option is to set the 'Log On To' feature under user >> 'Properties', 'Account' within Active Directory Users and Computers snap in. > That's the first screenshot behind that link ;-) > > But this way only allows you to define where an account is allowed to > logon - not the opposite (deny login). > > > Regards, > MarcThat's what I get for not clicking the link. =) You are correct. You can't deny specific workstations and allow all others. It's the opposite with this method. I would like to offer a tip for anyone reading this thread. I have my VPN users authenticating against Samba. You must add the Domain Controller users are authenticating against as well as the specific workstations you want them to log onto. It took me a moment or two to figure out this problem. -- -James