quick and easy centralized access control list?
September 27, 2007 4:44 AM   Subscribe

"Is there a centralized way to do that? Where the administrator can keep a list of usernames (and initial passwords) in a central location, and the computers remotely check in on that list when a user logs on, before giving the user access?"

Yup. Windows Server 2003. It's a lot more than $50, though, and you'd need to run it on its own server PC. But you also get the benefit of being able to specify very fine-tuned restrictions for specific user accounts or computers which is quite handy. There is (very deliberately) no other supported method of having a centralized login database in WinXP.

There might be free/cheap solutions that approximate parts of this, but I'm not aware of any. You can get Linux and SAMBA to act as a Windows NT4-style domain controller, but I don't think WinXP plays nicely with that.

What are these computers used for, and what are the security concerns you're trying to address by restricting logins? There might be other ways of addressing those concerns.
posted by CrayDrygu at 5:00 AM on September 27, 2007

Seconding Server 2003. It's going to cost money, but there's really no other way to do it (either reliably or legally). Really, though, it'll be money well spent, because the level of control will be as granular as you want it to be.
posted by omnipotentq at 5:01 AM on September 27, 2007

By complex, I mean that you don't want to run an Active Directory server unless you also have control over your organization's DNS service.
posted by Blazecock Pileon at 5:33 AM on September 27, 2007

There's a limited version of Windows Server called "Windows Small Business Server" (Windows SBS). It may be cheaper than a full-blown copy of 2003 Standard.

However, if this is an academic environment, MSFT has pretty attractive academic pricing for Windows server - check with your bookstore or whoever handles the software sales on campus.
posted by GuyZero at 8:30 AM on September 27, 2007

@jak68: "These are regular computers in a computer lab, pretty much wide open for use. Its just that they're being used by 'the public' and we want to limit their use to people in the office."

There's a few ways of going about this. If the computers are used for more than just Internet access, look into some of the systems used by "Cyber Cafes" to control access. The software and/or hardware probably won't be $50, but it'll likely be less than Windows Server. I have no idea how well it works, but as an example, Easy Cafe for 15 PCs would run you about $550. Compare to Windows Server 2003 Small Business with 15 CALs, for $1500-2000 plus a PC to run it on.

On the other hand, if they are only used for Internet access, you could set up a proxy server they would all have to go through, and force your users to give a username/password to that server. It's usually called a "captive portal," and it's how wifi hotspots are usually set up. This can be done entirely with free software, but you'll need to find someone who knows what they're doing to set it up.
posted by CrayDrygu at 9:13 AM on September 27, 2007

You could have all the machines set up with userids/passwords & have VNC running. That way you could remotely log in to change passwords regularly.
posted by theora55 at 4:13 PM on September 27, 2007

« Older Is there anywhere to look at P...   |   Three weeks ago I went on a lo... Newer »

This thread is closed to new comments.