|
I see that in the User Properties, Account tab, Log On To...button,
there is a way to restrict users to logon to only certain workstations. This
seems to be a great way of ensuring that visitors to a facility get very
limited access. Unfortunately I don't see that this feature can be
controlled via a GPO and ultimately assigned to groups of visitors.
(Maybe one group needs email only, another email and a couple of other places,
and etc.) I also see that Microsoft suggests that network machines be
protected via GPO on restricting network access in the User Rights Assignment
under Access this computer from the network. This seems like an awful complex
solution to implement on thousands of machines just to service up some visitor
accounts with limited access to the network. What I was wondering is what other folks are doing with
visitor access. Does anyone have a limited access user account process and
what are you using for this? What I was hoping for was a logon to certain
workstations that can be feed via group membership to determine logon
ability. Maybe a third party tool to enhance the abilities of GPO's? Jason |
