Restrict Active Directory user by IP Address or Machine Name

I am needing to create a Windows Active Directory account for use with a Microsoft Dynamics CRM system to a set of SQL Server 2008 R2 servers. This user is requiring elevated privileges in my SQL Server environment that I normally do not allow in PROD, but for the purposes of this account - it is necessary (it's being used for Deployments, and to roll things down to lower environments as necessary).

I have tried researching methods of simply locking down an account in AD by either the IP address (for servers) or machine name (for workstations using DHCP), but have not been able to find anything very straightforward on how to do this (I am the DBA - not the SysAdmin, but I'm researching this for them).

Is there a way to simply tell the AD to only allow this user to log in from specific IP addresses AND machine names?

Thank you

3

2 Answers

You're likely after settings on your Network Policy Server. You can set constraints and conditions which would reject connections that don't meet your criteria. Looks like the Conditions have the ability to set a group of machines that a connection can be received from for a particular user group.

It's in the "Log On To" button on the "Account" Tab.

1
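The "Log On To" list mentioned in the second answer can also be set and audited from PowerShell with the ActiveDirectory module. This is an added example, not part of either answer; the account name and computer names are placeholders. The list holds computer names only, so it does not filter by IP address.

```powershell
# Added example: all names below are hypothetical placeholders.
Import-Module ActiveDirectory

$Account = 'svc-crm-deploy'                            # hypothetical deployment account
$Allowed = @('SQLPROD01', 'SQLPROD02', 'DEPLOYWS01')   # hypothetical computer names

# Check every name against AD before writing the list. A mistyped name would
# be stored without complaint and the account could not log on from that host.
$missing = foreach ($name in $Allowed) {
    if (-not (Get-ADComputer -Filter "Name -eq '$name'")) { $name }
}
if ($missing) {
    throw "No computer object found for: $($missing -join ', ')"
}

# -LogonWorkstations takes one comma-separated string of computer names.
# This is the same value the "Log On To" dialog edits.
Set-ADUser -Identity $Account -LogonWorkstations ($Allowed -join ',')

# Read the value back and compare it with the intended list, so drift
# (someone adding a workstation by hand later) can be detected.
$user    = Get-ADUser -Identity $Account -Properties LogonWorkstations
$current = @($user.LogonWorkstations -split ',' | Where-Object { $_ })
$diff    = Compare-Object -ReferenceObject $Allowed -DifferenceObject $current

if ($diff) {
    Write-Warning "Log On To list for $Account differs from the intended list:"
    $diff | Format-Table InputObject, SideIndicator -AutoSize
} else {
    Write-Output "$Account may log on only to: $($current -join ', ')"
}
```

Running the read-back half on a schedule gives a simple audit of whether the privileged account's allowed hosts have changed.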
