How do I use Group Policy to restrict a Security Group to only be able to log onto computers in a particular OU?
Posted on 2004-04-13
Kindly review my post in its entirety before answering.
I’m running Active Directory on a Win2003 server that is our internal DC. At the current moment, any domain user can log onto any client pc that was previously joined to our domain.
For clarification, none of my users have Roaming Profiles, nor do these users log in "locally" to any client; they can only log in using their domain account. Moreover, I am familiar with the "LOG ON TO" setting on the user account, but I was hoping there was a way to manage this via Group Policy for the entire OU.
With that said, I now want to restrict a particular group of users to a particular group of computers.
--For example, let's say my building has 3 floors.
--I have grouped all users and all computers from each floor into their own OU; floor_1, floor_2 and floor_3 respectively.
--I have also added the users on the 1st floor into their own Security Group called "1st_floor", and similarly for the other 2 floors.
Using Group Policy, I now wish to restrict users in the "1st_floor" security group from logging into computers located in the "floor_2" and "floor_3" OU.
Is this possible and, if so, how do I accomplish this?
Thank you in advance for your insight.