Restrict computers to specific user accounts in AD
Posted on 2006-05-27
I'm familiar with the user account option to restrict use of the account to a list of named computers.
What I want to do is the opposite. For certain computers I only want certain accounts to have access.
E.g. User U1 can login to all computers, but user U2 can log into most computers not five of them.
I could do this by setting allowed workstations for every account but, apart from being a lot work, this seems a clumsy solution.
Is there a better way?
W2003 domain, XP Pro clients.