Koozali.org: home of the SME Server

login to specific workstations

John

login to specific workstations
« on: May 23, 2002, 06:03:59 AM »
I need to allow only certain domain users access to a couple of computers on the network. SME 5.1.2 is the domain controller and the workstations are a mix of Windows 98, Me, and XP...

Two machines are for admin users only and I want to block the standard user from logging in. These machines are running Win98.

Thanks for any ideas...

chris meredith

Re: login to specific workstations
« Reply #1 on: May 23, 2002, 06:56:36 AM »
With 95/98/ME you are pretty well out of luck. Bypassing the login is pretty easy, and there is no file level access control, so anyone on the box can get to any file.

There might be some third party apps that could help. Maybe you could encrypt the file you don't want other users to access. You could also shut the boxes down when not in use and add a BIOS password.

If you need user level security you might consider NT/Win 2k/XP Pro, or even Linux on the desktop.

John

Re: login to specific workstations
« Reply #2 on: May 23, 2002, 07:56:47 AM »
yeah...  at least they will not have access to the network drives if they bypass the login.. but still some files are local...   I was hoping that there could be some cool thing that I could do in samba that would reject certain users on specific machines...

Trevor B

Re: login to specific workstations
« Reply #3 on: May 23, 2002, 10:40:46 AM »
The problem is NOT samba, it's Win98 which will let you log on without any user id or password if you want (press cancel at the login screen....). It doesn't care about the network and/or samba.

Trevor B

John wrote:
>
> yeah...  at least they will not have access to the network
> drives if they bypass the login.. but still some files are
> local...   I was hoping that there could be some cool thing
> that I could do in samba that would reject certain users on
> specific machines...

John

Re: login to specific workstations
« Reply #4 on: May 23, 2002, 06:33:39 PM »
If I upgrade to W2k on those two machines, then what are my options?

A-P

Re: login to specific workstations
« Reply #5 on: May 23, 2002, 07:15:42 PM »
Or you can disable the Cancel button:


REGEDIT4
       
; This file was automatically generated by Xteq X-Setup (http://www.xteq.com)
;
; HIGHLY IMPORTANT: Before using this file be sure to read the documentation for
;                   "Record Mode". Not doing so might lead to unexpected results
;                   when using this file!
;
; The WARNINGS ISSUED below informs you if any warnings were reported. If so, the
; plug-in(s) has invoked functions that can not be recorded to this file. In this
; case, this REG file might not work as expected.
;
; WARNINGS ISSUED: No - this REG file should work without problems
;

[HKEY_LOCAL_MACHINE\Network\Logon]
"MustBeValidated"=dword:00000001

Terry Brummell

Re: login to specific workstations
« Reply #6 on: May 23, 2002, 07:48:31 PM »
If you disable the Cancel button, can the user boot to safe mode and defeat the network logon that way?

Just my 2 cents....

Derek

Re: login to specific workstations
« Reply #7 on: May 23, 2002, 07:55:38 PM »
Win2K will do what you need. Set it up so that the Win2K machines aren't domain members, then you can create a local user list and do all the user-level local file security that you want. You can still access the SME server too. When you click on the SME server in Network neighbourhood you will get a login prompt. Enter a user/password from a valid SME account and you're good to go.

We do this exact thing here for a mission critical system that runs an Emergency Early Warning service (we're a radio station), that still needs access to the SME domain.

Regards,

Derek

steve

Re: login to specific workstations
« Reply #8 on: May 24, 2002, 08:38:26 PM »
Definitely use Windows 2000 or (ugh) XP.
However, I would set them up with SME as domain server.
That way you don't have to create accounts on each separate machine.

I don't know about ME, but 98 has NO file security.
If you want certain people to have access and others to have no access, you cannot use 98.

cheers
steve

John

Re: login to specific workstations
« Reply #9 on: May 24, 2002, 08:52:22 PM »
sounds like something that needs to be added...  the ability to block users from specific workstations would be nice ;-)

thanks for your input!

dennis

Re: login to specific workstations
« Reply #10 on: May 25, 2002, 11:47:59 PM »
If you just add the W2k boxes to the SME domain, all users can still log on to the Win2k boxes.

However, in the "local security policy" (Control Panel -> Administrative Tools -> Local Security Policy) you can specify which users have the right to log on to the Win2k box. (Under User Rights Assignment, specify which users have the "logon locally" right.)

success.
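
Added example, not part of the original thread: a small Python audit of the "log on locally" right described in the reply above, run over a security template exported from the workstation with `secedit /export /cfg rights.inf /areas USER_RIGHTS`. The domain name SMEDOMAIN, the account admin1 and the sample template are constructed for illustration; `SeInteractiveLogonRight` is the template name of the "log on locally" right.

```python
import configparser

# Principals that SHOULD hold "log on locally" on the admin-only workstation.
# Assumption for this example: local Administrators (S-1-5-32-544) plus one
# hypothetical SME domain account.
ALLOWED = {"*S-1-5-32-544", "SMEDOMAIN\\admin1"}

# Constructed sample of an exported template. A real export is normally
# UTF-16, so read it with open(path, encoding="utf-16").read().
SAMPLE_INF = r'''
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545,SMEDOMAIN\admin1
[Version]
signature="$CHICAGO$"
Revision=1
'''

def interactive_logon_holders(inf_text):
    """Return the set of principals granted SeInteractiveLogonRight."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep the case of privilege names
    parser.read_string(inf_text)
    if not parser.has_section("Privilege Rights"):
        return set()
    raw = parser.get("Privilege Rights", "SeInteractiveLogonRight", fallback="")
    return {p.strip() for p in raw.split(",") if p.strip()}

def unexpected_holders(inf_text, allowed):
    """Principals that can log on locally but are not on the allow list."""
    allowed_ci = {a.lower() for a in allowed}  # account names are case-insensitive
    return sorted(h for h in interactive_logon_holders(inf_text)
                  if h.lower() not in allowed_ci)

if __name__ == "__main__":
    # *S-1-5-32-545 is the built-in Users group: ordinary users can still log on.
    for principal in unexpected_holders(SAMPLE_INF, ALLOWED):
        print("unexpected 'log on locally' holder:", principal)
```

An empty result means only the listed principals can log on at the console of that machine.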

Phil

Re: login to specific workstations
« Reply #11 on: May 30, 2002, 05:38:44 PM »
You could always use a little bit of software called Watchdog.

http://www.sarna.net/watchdog/

This will work on your Win98 workstations. I was using it at home on my 98/Me PC that the kids used to restrict their access. I'm sure you could adapt this to your business need.

It also functions under 2000/XP and is excellent.

Cheers Phil