Re: Only logon to computers in 1 OU



Thanks for the reply, but since I have so many OUs in my Active Directory I
would really like to just set this one user up with allow only, and not have
to go to the over 100 different OUs to deny access.

Plus, I am not well versed in scripts or how to write them. I have a user
we'll call "AI_User" and an OU called deptartments\finance\ap\computers. If
you say "run a script", do you know where I can find samples written?

Thanks

"Florian Frommherz [MVP]" wrote:

Caesar,

Caesar wrote:
I want to know how through GPO I can have this 1 user only logon to the
computers in their department's OU?

I don't want to add computers in AD and then have to Add and Delete
every time the department gets new systems. There has to be a way in GP to do
this but I don't see it.

I need to do this ASAP so any help quickly is more than appreciated!

The other way round would be possible but doesn't meet your requirement
(not to re-configure when new systems arrive). Is that a restriction to
this particular user or is that a requirement that nobody (except the
one user) needs access (only) to the machines?

There isn't a built-in functionality for this, you'll either have to
script it or link a GP with the "Deny log on locally" security setting
with the user's username to all other servers except the OU he needs
access to the machines.

cheers,

Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste
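
One way the "script it" option could look, as an added example that is not part of the original thread or from either poster: it rebuilds the user's "Log On To" workstation list from whatever computer accounts are currently in the OU, so re-running it (for instance as a scheduled task) picks up new machines. It assumes the ActiveDirectory PowerShell module is available; the domain components `DC=example,DC=com` are placeholders, the OU path is written as it is spelled in the thread, and the 1024-character limit on the workstation list is an assumption to verify in your own directory.

```powershell
# Added example. Restricts one account to the computers found in one OU by
# maintaining the account's "Log On To" list (LogonWorkstations).
Import-Module ActiveDirectory

$UserName   = 'AI_User'   # account name used in the thread
# OU path from the thread, written as a DN. The DC= parts are placeholders.
$ComputerOU = 'OU=computers,OU=ap,OU=finance,OU=deptartments,DC=example,DC=com'
$MaxLength  = 1024        # assumed length limit of the workstation list

# Collect the names of all computer accounts in the OU and any sub-OUs.
$names = Get-ADComputer -Filter * -SearchBase $ComputerOU -SearchScope Subtree |
    Sort-Object Name |
    Select-Object -ExpandProperty Name

# An empty list would remove the restriction entirely, so stop instead.
if (-not $names) {
    throw "No computer accounts found under $ComputerOU; $UserName left unchanged."
}

$wanted = $names -join ','

# Refuse to write a list the attribute cannot hold rather than truncate it.
if ($wanted.Length -gt $MaxLength) {
    throw "Workstation list is $($wanted.Length) characters; limit assumed to be $MaxLength."
}

# Only write when the list actually changed, so repeated runs are quiet.
$user = Get-ADUser -Identity $UserName -Properties LogonWorkstations
if ($user.LogonWorkstations -ne $wanted) {
    Set-ADUser -Identity $UserName -LogonWorkstations $wanted
    Write-Output "Updated ${UserName}: $($names.Count) computers allowed."
} else {
    Write-Output "No change for ${UserName}."
}
```

Run it with an account that is allowed to modify the user object; the two `throw` guards keep an empty or oversized OU from silently widening or truncating the restriction.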
