Manipulating a User Login Workstation

   


As shown in Figure 4.4, Windows NT lets the administrator restrict an account's logons to a specific group of machines. This is useful for restricting service accounts or for preventing users from roaming to other workstations in the enterprise.

Figure 4.4. User Logon Workstations dialog box in User Manager for Domains


The LoginWorkstations property of the IADsUser interface returns a variant array containing the machines to which user logon is limited. If this property is set for a user account, the user may log on interactively only to the machines specified in the array assigned to this property.

Set this property when configuring service accounts, which are often privileged, so that a user who happens to know the account's password cannot use the account elsewhere in the enterprise.

Querying Login Workstations Using Visual Basic

Using the now-familiar For Each loop to enumerate the variant array of strings, you can return all workstations to which a user account is limited. The following Visual Basic code segment performs this action:

    On Error Resume Next
    Dim User As IADsUser
    Dim UserName As String
    Dim UserDomain As String
    Dim Workstation As Variant

    UserDomain = "Target_User_Domain"
    UserName = "Target_User_Name"
    Set User = GetObject("WinNT://" & UserDomain & "/" & UserName & ",user")

    ' Several machines come back as an array; otherwise the value
    ' is printed as a single string.
    If IsArray(User.LoginWorkstations) Then
        For Each Workstation In User.LoginWorkstations
            Debug.Print Workstation
        Next
    Else
        Debug.Print User.LoginWorkstations
    End If
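A defender-side use of the same query, added here as an example (it is not code from the book): audit service accounts for a missing or unexpected logon workstation restriction. The account and machine names are constructed, and treating an error, Empty or an empty string as "no restriction" is an assumption about how the provider reports an unset value.

```vb
' Added example, not from the book. Account and machine names are constructed.
' Needs a project reference to the Active DS Type Library, as the page's code does.

' Normalize LoginWorkstations to a Collection of upper-case names. The value may
' arrive as an array, a single string, Empty, or a run-time error when unset
' (assumption: any of the last three means "no restriction").
Function GetLoginWorkstations(ByVal User As IADsUser) As Collection
    Dim Result As New Collection
    Dim Raw As Variant, Entry As Variant

    On Error Resume Next
    Raw = User.LoginWorkstations
    If Err.Number <> 0 Then Raw = Empty
    On Error GoTo 0

    If IsArray(Raw) Then
        For Each Entry In Raw
            If Len(Trim$(Entry)) > 0 Then Result.Add UCase$(Trim$(Entry))
        Next
    ElseIf VarType(Raw) = vbString Then
        If Len(Trim$(Raw)) > 0 Then Result.Add UCase$(Trim$(Raw))
    End If
    Set GetLoginWorkstations = Result
End Function

' Report an account with no restriction, or with a machine outside Expected.
' Expected is a comma-delimited list with leading and trailing commas, e.g. ",SQL01,SQL02,".
Sub AuditAccount(Domain As String, Account As String, Expected As String)
    Dim User As IADsUser, Machine As Variant, Allowed As Collection

    Set User = GetObject("WinNT://" & Domain & "/" & Account & ",user")
    Set Allowed = GetLoginWorkstations(User)
    If Allowed.Count = 0 Then
        Debug.Print Account & ": no workstation restriction"
        Exit Sub
    End If
    For Each Machine In Allowed
        If InStr(1, Expected, "," & Machine & ",", vbTextCompare) = 0 Then
            Debug.Print Account & ": unexpected workstation " & Machine
        End If
    Next
End Sub

Sub AuditServiceAccounts()
    AuditAccount "Target_User_Domain", "svc_backup", ",BACKUP01,"
    AuditAccount "Target_User_Domain", "svc_sql", ",SQL01,SQL02,"
End Sub
```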

Adding a New Login Workstation to the LoginWorkstations Property Using Visual Basic

To add a new logon workstation, you must set the value of the LoginWorkstations property to an array of strings representing the workstations to which the user account will be limited.

Use the following Visual Basic code to add a single entry to the array in the IADsUser LoginWorkstations property:

    ' Errors are suppressed, so a failed SetInfo (for example, access denied)
    ' goes unreported; check Err.Number after SetInfo if the result matters.
    On Error Resume Next
    Dim TargetUserDomain As String
    Dim TargetUserName As String
    Dim Value As String
    Dim User As IADsUser
    Dim NewElement() As Variant
    Dim i As Long
    Dim EmptyArray As Integer
    Dim Entry As Variant
    Dim ValueAlreadyExists As Integer

    TargetUserDomain = "Target_User_Domain"
    TargetUserName = "Target_User_Name"
    Value = "New_Login_Workstation_To_Add"
    Set User = GetObject("WinNT://" & TargetUserDomain & "/" & TargetUserName & ",user")

    If IsArray(User.LoginWorkstations) Then
        ' Copy the existing entries; i counts the elements copied so far.
        ' The = comparison is case-sensitive under the default Option Compare Binary.
        i = 0
        For Each Entry In User.LoginWorkstations
            ReDim Preserve NewElement(i)
            NewElement(i) = Entry
            i = i + 1
            If Entry = "" Then EmptyArray = 1
            If Entry = Value Then ValueAlreadyExists = 1
        Next
        If EmptyArray = 1 Then
            User.LoginWorkstations = Array(Value)
            User.SetInfo
        ElseIf ValueAlreadyExists <> 1 Then
            ' Append the new workstation after the copied entries.
            ReDim Preserve NewElement(i)
            NewElement(i) = Value
            User.LoginWorkstations = NewElement
            User.SetInfo
        End If
    Else
        If User.LoginWorkstations <> Value Then
            User.LoginWorkstations = Array(User.LoginWorkstations, Value)
            User.SetInfo
        End If
    End If

Removing an Existing Login Workstation from the LoginWorkstations Property Using Visual Basic

To remove an entry from an existing LoginWorkstations array, you can use the following Visual Basic code as a guide:

    On Error Resume Next
    Dim TargetUserDomain As String
    Dim TargetUserName As String
    Dim Value As String
    Dim User As IADsUser
    Dim NewElement() As Variant
    Dim i As Long
    Dim Entry As Variant

    TargetUserDomain = "Target_User_Domain"
    TargetUserName = "Target_User_Name"
    Value = "Login_Workstation_To_Remove"
    Set User = GetObject("WinNT://" & TargetUserDomain & "/" & TargetUserName & ",user")

    If IsArray(User.LoginWorkstations) Then
        ' Keep every entry except the one being removed; i counts the entries kept.
        i = 0
        For Each Entry In User.LoginWorkstations
            If Value <> Entry Then
                ReDim Preserve NewElement(i)
                NewElement(i) = Entry
                i = i + 1
            End If
        Next
        If i = 0 Then
            ' Nothing left: write the same empty value as the single-entry case below.
            User.LoginWorkstations = Array("")
        Else
            User.LoginWorkstations = NewElement
        End If
        User.SetInfo
    Else
        If User.LoginWorkstations = Value Then
            User.LoginWorkstations = Array("")
            User.SetInfo
        End If
    End If

   
Windows NT/2000 ADSI Scripting for System Administration
ISBN: 1578702194
EAN: 2147483647
Year: 2000
Pages: 194
Authors: Thomas Eck
