Solved

Script to change a user's group membership based on location of computer

Posted on 2006-07-24
Last Modified: 2010-08-05
This one might be a little tricky, but any help is greatly appreciated.

I already know how to create a script that can check the group membership of a computer.  However, I want to know if it is possible to run a script that will change a USER's group membership depending on what computer that user logs into.

For example, I work at a hospital, and we have probably a dozen or so Clinical Doctor's offices.  Each doctor has nursing and reception staff that can vary from day to day.  The staff in Dr. A's office one day might be in Dr. C's office the next day.

That's where a script like this would come in handy.  Each of our computers is placed in a group that corresponds with the location of that computer.  Is there any way that I could automatically at logon, using a script, grant membership for the current user to the group that corresponds with the computer's location?  In this way we would be able to limit access to the Dr's calendar, network folders, printers, etc. without having to manually change the group membership ourselves.

Thanks in advance! Let me know if I can clarify my problem further!

Jason

Question by:MHCC
LVL 51

Accepted Solution

by:
Netman66 earned 500 total points
ID: 17170441
You can script this, yes.  But in order for it to take effect, the users must log out and back in.  


Author Comment

by:MHCC
ID: 17170812
Is that necessary so the group membership settings take effect? That probably won't work... Any suggestions on another way to accomplish the same goal?
LVL 51

Expert Comment

by:Netman66
ID: 17171205
Yes, absolutely.  Until the next logon they won't have their Security Token updated with their new group membership.

If this is all one domain then just create Global Groups that allow access to the appropriate resources.  For staff that work several offices then they'll belong to multiple groups.  I see no security issue with this.

If it's a workgroup, then the only thing you can do is issue a Generic account for each office for the staff to use.
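
Added example, not part of the original thread: a PowerShell check that makes the point about the security token visible by comparing the group SIDs in the current logon token with the group SIDs Active Directory holds for the same user right now. It assumes a domain-joined Windows machine and a domain user session; the function names are made up for this illustration.

```powershell
# Added example. Assumes a domain-joined machine and a domain user session.
$me        = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$domainSid = $me.User.AccountDomainSid.Value   # prefix shared by the domain's groups

function Get-TokenGroupSid {
    # Group SIDs placed in the access token when this logon session was created
    $me.Groups | ForEach-Object { $_.Value }
}

function Get-DirectoryGroupSid {
    # Group SIDs the directory reports for the user now (transitive membership)
    param([string]$SamAccountName = $env:USERNAME)
    $searcher = [adsisearcher]"(&(objectClass=user)(sAMAccountName=$SamAccountName))"
    $found = $searcher.FindOne()
    if (-not $found) { throw "User '$SamAccountName' not found in the directory" }
    $entry = $found.GetDirectoryEntry()
    # tokenGroups is a constructed attribute and must be requested explicitly
    $entry.RefreshCache(@('tokenGroups'))
    foreach ($bytes in $entry.Properties['tokenGroups']) {
        (New-Object System.Security.Principal.SecurityIdentifier($bytes, 0)).Value
    }
}

function Resolve-SidName {
    param([string]$Sid)
    try {
        $sidObject = New-Object System.Security.Principal.SecurityIdentifier($Sid)
        $sidObject.Translate([System.Security.Principal.NTAccount]).Value
    } catch { $Sid }   # leave unresolvable SIDs as they are
}

# Compare only groups from the user's own domain; local and well-known SIDs
# (Everyone, BUILTIN\Users, the logon SID) exist in the token but not in AD.
$inDomain  = { $_ -like "$domainSid-*" }
$token     = @(Get-TokenGroupSid     | Where-Object $inDomain)
$directory = @(Get-DirectoryGroupSid | Where-Object $inDomain)

# Added in AD since logon: no effect on access checks until the next logon
$directory | Where-Object { $token -notcontains $_ } | ForEach-Object {
    [pscustomobject]@{ State = 'Pending until next logon'; Group = Resolve-SidName $_ }
}
# Removed in AD since logon: still honoured for the life of this session
$token | Where-Object { $directory -notcontains $_ } | ForEach-Object {
    [pscustomobject]@{ State = 'Removed in AD, still in token'; Group = Resolve-SidName $_ }
}
```

In a non-elevated session under UAC, groups that are deny-only in the filtered token are not listed by `WindowsIdentity.Groups`, so they can show up as pending as well.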

Author Comment

by:MHCC
ID: 17171253
It's a single domain.  There really is no security issue, it's just that the doctors do not want other offices to have immediate access to their schedules and files, etc. It's not necessarily a security issue, just a point of pickiness with the Doctors, to whom much pandering is done.  Although, I could see it being a potential HIPAA Privacy issue with all these separate offices potentially having access to each other's patient data through their employees.

In any case, thanks for the information.

Jason
LVL 51

Expert Comment

by:Netman66
ID: 17171362
Understand.

I would create separate user accounts for users that work in more than one office.  Keep them simple so they can remember what account to use where.

Perhaps, build something into the logon name for each roaming user that identifies the office.  The user can still use the same password for all accounts, just a different username for each office they work out of.


Author Comment

by:MHCC
ID: 17176120
That's a good idea. I will see if we can get that to work. Thanks for the tip!