How to Limit Logon Script to Specific Machines Only via Group Policy?
Posted on 2006-05-09
There are several hundred computers spread out in groups of 20-30 in different classrooms. There are nearly a thousand students and teachers. The computers are organized by OU (classroom). In each classroom there is typically a teacher's workstation, too, that has attached to it one or more printers which are shared so that everyone else in the classroom can use them. Those definitions currently are being done manually and has gotten tiresome with all the turnover semester to semester and the number of students involved.
I want to connect a classroom's 2 printers to anyone who logs on to any student machine in that particular classroom, but nowhere else. As an example, Little Johnny in the Chem Lab doesn't need printers from English Lit 201. I wrote a VB Script that defines the network printers and sets one as default; it works well for all users security levels when I execute it manually off the desktop after I've logged on. It's specific to the classroom.
Now I want to automate this process and make it a logon script so that anyone who logs onto any machine in that classroom gets ITS two printers and no others. I created a group policy that defined my script in the user Windows scripts logon section. I was careful to place it in the policy folder. I attached that policy to the computer OU for that classroom. I even did a gpudate. But it never executes when I log onto a machine in that classroom.
Somebody told me that I can only associate a user policy with a user security group. I don't understand that (since policies contain both a computer and user component) nor even how that is practical since I want ANY user who logs on in a specific location (a unique classroom) to have a particular logon script run (with its own unique printers). I don't want printers being defined to a user for Classroom 4 when the user is logging onto a computer in Classroom 12. And it's unwieldly to impossible to keep regrouping students based on their classroom assignments (which change during the day). Intuitively, the logon script should be assigned/selected based on LOCATION (the computer by its membership in the OU) and NOT by who happens to be logging on.
But I haven't been able to figure it out yet. Any ideas?