Accounts without workstation restrictions (Windows)

Module: Account Integrity

Supported Platforms: Windows 2000, Windows 2003, Windows 2008

This check reports domain accounts that are not restricted to specific workstations. You can use the name list to exclude accounts that are not excluded by the Users to check option. Because workstation restrictions apply only to domain accounts, this check does not provide any information unless it is run on a domain controller.

The following table lists the error message for the check.

Table: Error message for Accounts without workstation restrictions

Message String ID and Category	Platform and Message Numeric ID	Message Title and Description	Additional Information
String ID: ESM_NO_WORKSTATION_RESTRICTIONS Category: Policy Compliance	Windows 2000 (105911) Windows 2003 (205911) Windows 2008 (248911)	Title: No workstation restrictions Description:The account can log on from any workstation in the domain. This makes unauthorized use of accounts easier because account access is not tied to a particular workstation. Restrict users to specific workstations unless the additional access is necessary.	Severity: yellow-1 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [Full/display name: %s]

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information

String ID: ESM_NO_WORKSTATION_RESTRICTIONS

Category: Policy Compliance

Windows 2000 (105911)
Windows 2003 (205911)
Windows 2008 (248911)

Title: No workstation restrictions

Description:The account can log on from any workstation in the domain. This makes unauthorized use of accounts easier because account access is not tied to a particular workstation. Restrict users to specific workstations unless the additional access is necessary.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [Full/display name: %s]