Restricting Trusted Domain user login hour

Tutorials Win: Microsoft Windows Forum

Hi there,

I was wondering if there is anyway to limit user's logon hour by
configuring AD Domain A while the user account is in a trusted Domain
B please?

What I have got is a computer lab with all computers and network
resources belonging to Domain A. Domain A trusted Domain B (with the
same forest), hence users from Domain B can log onto computers in the
lab. Now we want to limit users from using the lab after hour. I know
I can set the logon hours for the users in AD User and Computer in
Domain B but I only want to limit their access to computers in Domain
A, not the entire organization/AD forest.

Is there a way to control that within Domain A please?

Thanks,

Edmond.
Top

Re: Restricting Trusted Domain user login hour by Tom

Tom
Wed Jul 09 00:11:23 PDT 2008

logon hours can be set by computers in lab...
group policies can be applied on domain or OU and to spec.users,groups...

e.g. new ou ->place comps from lab->set GP on OU "deny logon localy" in
user rights

all users can be gruped in groups and applied through above setting


if you are lazy to search for solution how it is easier to write all
that text.
lazy are totaly out.


cake756@gmail.com wrote:
> Hi there,
>
> I was wondering if there is anyway to limit user's logon hour by
> configuring AD Domain A while the user account is in a trusted Domain
> B please?
>
> What I have got is a computer lab with all computers and network
> resources belonging to Domain A. Domain A trusted Domain B (with the
> same forest), hence users from Domain B can log onto computers in the
> lab. Now we want to limit users from using the lab after hour. I know
> I can set the logon hours for the users in AD User and Computer in
> Domain B but I only want to limit their access to computers in Domain
> A, not the entire organization/AD forest.
>
> Is there a way to control that within Domain A please?
>
> Thanks,
>
> Edmond.
Top

Re: Restricting Trusted Domain user login hour by Oredigger

Oredigger
Sun Jul 27 10:58:52 PDT 2008

Hi Edmund,

I am currently running in to the same problem of needing to limit the logon
hours for some users (students), while allowing other users (instructors)
access all hours. I've been scouring the newsgroups looking for answers, but
so far nothing. I did sees a program that looked promising (Access Boss),
but apparently it doesn't work with domain user accounts.

If run into anything that seems like it might work, I'll reply to your
thread.

Good Luck,

Skip
<cake756@gmail.com> wrote in message
news:2dd1da5c-5823-483d-b258-5ff4ee0390f2@l42g2000hsc.googlegroups.com...
> Hi there,
>
> I was wondering if there is anyway to limit user's logon hour by
> configuring AD Domain A while the user account is in a trusted Domain
> B please?
>
> What I have got is a computer lab with all computers and network
> resources belonging to Domain A. Domain A trusted Domain B (with the
> same forest), hence users from Domain B can log onto computers in the
> lab. Now we want to limit users from using the lab after hour. I know
> I can set the logon hours for the users in AD User and Computer in
> Domain B but I only want to limit their access to computers in Domain
> A, not the entire organization/AD forest.
>
> Is there a way to control that within Domain A please?
>
> Thanks,
>
> Edmond.


Top

Re: Restricting Trusted Domain user login hour by Marcin

Marcin
Tue Jul 29 11:05:44 PDT 2008

Have you considered leveraging the "Deny logon locally" user right? You
could modify local policy of computers in Domain A in a desired manner
(granting/denying ability to logon for a designated group from Domain B)
using SECEDIT running as a scheduled task twice a day...

hth
Marcin

"Oredigger" <orediigger@mytmail.com> wrote in message
news:eCOftJB8IHA.2064@TK2MSFTNGP02.phx.gbl...
> Hi Edmund,
>
> I am currently running in to the same problem of needing to limit the
> logon hours for some users (students), while allowing other users
> (instructors) access all hours. I've been scouring the newsgroups looking
> for answers, but so far nothing. I did sees a program that looked
> promising (Access Boss), but apparently it doesn't work with domain user
> accounts.
>
> If run into anything that seems like it might work, I'll reply to your
> thread.
>
> Good Luck,
>
> Skip
> <cake756@gmail.com> wrote in message
> news:2dd1da5c-5823-483d-b258-5ff4ee0390f2@l42g2000hsc.googlegroups.com...
>> Hi there,
>>
>> I was wondering if there is anyway to limit user's logon hour by
>> configuring AD Domain A while the user account is in a trusted Domain
>> B please?
>>
>> What I have got is a computer lab with all computers and network
>> resources belonging to Domain A. Domain A trusted Domain B (with the
>> same forest), hence users from Domain B can log onto computers in the
>> lab. Now we want to limit users from using the lab after hour. I know
>> I can set the logon hours for the users in AD User and Computer in
>> Domain B but I only want to limit their access to computers in Domain
>> A, not the entire organization/AD forest.
>>
>> Is there a way to control that within Domain A please?
>>
>> Thanks,
>>
>> Edmond.
>
>


Top