Could be multiple things. The way I understand that capability
is implemented is that the GINA code on the machine that a user is
logging onto looks at that info in the domain and then makes a decision on
whether to log on or not. Any authentication that doesn't go through the GINA
code (such as runas or net use /user, etc.) will not adhere to that setting.
Also, if you have a custom GINA, it won't necessarily adhere to that setting. It
could be replication issues or latency as well.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Timothy Foster
Sent: Thursday, July 13, 2006 4:03 PM
To: [email protected]
Subject: [ActiveDir] Log On To...

On the Account tab of the User Properties window in ADUC there is a 'Log On To...' button which - I thought - limited the user's ability to log on to only the workstations specified.

I applied restrictions to an account in our domain and they did not work. In other words, the restricted account was able to log on to a workstation not specified in the list.

What did I miss? Is there a group policy setting that may be overriding the setting? How do I go about troubleshooting this?

Thanks in advance.

Tim
