Well, one way to accomplish it would be to use IPSEC in require mode and
define a rule that only that workstation could contact it, as well as any
other systems you want to admin it from. You could specify ESP Null so that
you do not have the encryption overhead and simply use IPSEC for
authorization. I would suggest looking at the following White Papers:

MSIT Security: http://www.microsoft.com/technet/itsolutions/msit/security/mssecbp.mspx
(Look at the section on Source Code Server Segmentation as well as the table
titled Data Class vs. Security Control Examples)

In a nutshell Microsoft secures its source code servers in the manner that
you describe below using IPSEC.

Thanks,
-Steve

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose
Sent: Wednesday, March 01, 2006 5:04 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Restricting a drive mapping to only from specific systems ( Limiting a computer account to specific workstations )

Hi Everyone,
I have another requirement and I am not sure how I can do this. One of our
Systems Engineers needs to restrict a user account from mapping a drive from
any other system in the domain than from the system that we allow it to be
logged in on. In other words he does not want a user logged in with his or
her AD Account, then mapping a drive to the shared resource with the
restricted account. Is this possible?

Sincerely,
Jose Medeiros

It seems that there is an upper limit of 1024 characters even in AD2K3 using
ADUC. http://msdn.microsoft.com/library/default.asp?url=
But, I am told that you can use adsiedit to edit the "userWorkstations" value
to add more than 63 machines, though it is not Microsoft supported.

On 2/27/06, Medeiros, Jose <[EMAIL PROTECTED]> wrote:
> Greetings,
>
> I have a quick question. I have a requirement to limit a single account to
> log on to only specific systems (About 120). Although I have not tried this,
> one of our Systems Administrators stated that he was limited to adding only
> about 30. Does anyone know if there is a workaround? Has this number been
> increased in Active Directory 2003?
>
> Sincerely,
>
> Jose Medeiros
> MCP+I, MCSE, NT4 MCT
> 408-765-0437 Direct
> 408-449-6621 Cell
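
Added example, not part of the thread: a pre-flight check for the comma-separated userWorkstations value discussed above, using the 1024-character limit quoted in the thread, so an oversized logon-restriction list is caught before anyone edits the attribute. The function names, the name pattern and the sample workstation names are assumptions constructed for illustration.

```python
import re

# Upper limit for the userWorkstations value, as quoted in the thread.
MAX_VALUE_CHARS = 1024
# NetBIOS computer names are at most 15 characters. Restricting them to
# letters, digits and hyphen is a conservative assumption for this example.
NETBIOS_NAME = re.compile(r"^[A-Za-z0-9-]{1,15}$")


def plan_user_workstations(names, limit=MAX_VALUE_CHARS):
    """Return (value, accepted, overflow, invalid) for a workstation list.

    accepted: names that fit, in input order, joined into `value`
    overflow: valid names that do not fit under `limit`
    invalid:  raw entries rejected by the name pattern
    """
    seen = set()
    accepted, overflow, invalid = [], [], []
    used = 0
    for raw in names:
        name = raw.strip().upper()
        if not NETBIOS_NAME.match(name):
            invalid.append(raw)
            continue
        if name in seen:  # duplicates would waste the character budget
            continue
        seen.add(name)
        cost = len(name) + (1 if accepted else 0)  # +1 for the comma
        # Once one name overflows, later names are reported as overflow too,
        # so the accepted list is always a prefix of the requested list.
        if overflow or used + cost > limit:
            overflow.append(name)
        else:
            accepted.append(name)
            used += cost
    return ",".join(accepted), accepted, overflow, invalid


def sample_names(count):
    """Constructed sample data: 15-character names such as ENG-WKSTN-00001."""
    return ["ENG-WKSTN-%05d" % i for i in range(1, count + 1)]


if __name__ == "__main__":
    value, accepted, overflow, invalid = plan_user_workstations(sample_names(120))
    print("value length:", len(value))
    print("fit:", len(accepted), "do not fit:", len(overflow), "invalid:", len(invalid))
```

For the 120 constructed 15-character names, 64 fit in a 1023-character value and 56 do not.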