Re: better way to limit users/group to logon to specific workstations?

Hi Bailey,
You can control who can log on to a computer with the User Rights Assignment
setting, Log on Locally. This is a computer policy, and by default includes
the local group Users, which by default in a domain contains domain users.
You can remove Users, and add whatever group you want. Or you can control
membership of the local group Users.
Apply this policy to an OU where the computers are. You can either create a
dedicated OU, or you can contol which computers the policy applies to by
editing the Security of the Group Policy Object. By default it is read and
applied by Authenticated Users, which includes all computers. In the policy
Security tab, you can remote (or uncheck) Authenticated Users and add the
computer group you want the policy to apply to.
Hope that helps,
Anthony, http://www.airdesk.co.uk



"baileyk9" <baileyk9@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1D714436-E9E3-4A44-892B-F1407D95A80F@xxxxxxxxxxxxxxxx
Is there a better way to do this:
We limit a set of user accounts to logging on to specific workstations by
using the "Logon Workstations" property of each of those user accounts.
Seeking advice on a more manageable solution - using GPOs, and/or
restructuring our OU's for these resources if necessary.

scenario: 15-20 user accounts, and 50-60 workstations that they can log on
to (10-20 per user account, but it would be OK to give them access to all
50-60 workstations, since they are at different locations and will never
be
able to log on to those outside their site anyway). Managing this is a
mess
as the list of PCs they can log on to changes (PCs are added to or removed
from service).

Seems like putting all the restricted users in one OU, with the restricted
computers that they can access in another OU, and limit their access via
group policy? I understand GPOs, but don't know what GPO to use/create or
if
this is the best approach.
Any ideas greatly appreciated!!

<>


.

Relevant Pages

  • Re: Reinstall everytime assigned applications through GPO on start
    ... Software installation extension has been called for background policy refresh ... Stations - R&D Software (EMEA computers). ... Stations - R&D Software (EMEA computers) is set for installation because it ... The assignment of application Remote Administrator v2.1 from policy Software ...
    (microsoft.public.windows.group_policy)
  • Re: Active directory Group Policy (Win2k)
    ... When I enforce the policy onto the computers in the new OU, ... Domain Admins so the Domain Admins cannot view ... workstations, to access Microsoft Office. ...
    (microsoft.public.security)
  • Best location for policies
    ... and an OU for User Accounts. ... TSServer OU since I have a separate policy for TS users. ... I have 2 policies: one for Our Computers OU - it has a few ... I am not sure what's the best way to organize policies. ...
    (microsoft.public.win2000.security)
  • Re: group policys
    ... are you wanting the workstations to lock the session if the user walks away? ... I created my own policy. ... > this.(Microsoft Network Server: Amount of idle time before suspend ... >> then My Business and then Computers and then SBS Computers and in here ...
    (microsoft.public.windows.server.sbs)
  • "The local policy of this system doesnt permit you to logon interactively" on workstation
    ... All users except administrator get this error: "The local policy of this ... There is no problems for all users on other computers. ... I checked local policy on one of the workstations: ...
    (microsoft.public.windows.server.sbs)
Loading