?
Solved

Script to change a user's group membership based on location of computer

Posted on 2006-07-24
6
Medium Priority
?
230 Views
Last Modified: 2010-08-05
This one might be a little tricky, but any help is greatly appreciated.

I already know how to create a script that can check the group membership of a computer.  However, I want to know if it is possible to run a script that will change a USER's group membership depending on what computer that user logs into.

For example. I work at a hospital, and we have probably a dozen or so Clinical Doctor's offices.  Each doctor has nursing and reception staff that can vary from day to day.  The staff in Dr. A's office one day might be in Dr. C's office the next day.

That's where a script like this would come in handy.  Each of our computers is placed in a group that corresponds with the location of that computer.  Is there any way that I could automatically at logon, using a script,  grant membership for the current user to the group that corresponds with the computer's location?  In this way we would be able to limit access to the Dr's calendar, network folders, printers, etc. without having the manually change the group membership ourselves.

Thanks in advance! Let me know if I can clarify my problem further!

Jason

0
Comment
Question by:MHCC
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 51

Accepted Solution

by:
Netman66 earned 1500 total points
ID: 17170441
You can script this, yes.  But in order for it to take effect, the users must log out and back in.  

0
 

Author Comment

by:MHCC
ID: 17170812
Is that necessary so the group membership settings take effect? That probably won't work... Any suggestions on another way to accomplish the same goal?
0
 
LVL 51

Expert Comment

by:Netman66
ID: 17171205
Yes, absolutely.  Until the next logon they won't have their Security Token updated with their new group membership.

If this is all one domain then just create Global Groups that allow access to the appropriate resources.  For staff that work several offices then they'll belong to multiple groups.  I see no security issue with this.

If it's a workgroup, then the only thing you can do is issue a Generic account for each office for the staff to use.

0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 

Author Comment

by:MHCC
ID: 17171253
It's a single domain.  There really is no security issue, it's just that the doctors do not want other offices to have immediate access to their schedules and files, etc. It's not necessarily a security issue, just a point of pickiness with the Doctors, to whom much pandering is done.  Although, I could see it being a potential HIPAA Privacy issue with all these separate offices potentially having acces to each other's patient data through their employees.

In any case, thanks for the information.

Jason
0
 
LVL 51

Expert Comment

by:Netman66
ID: 17171362
Understand.

I would create separate user accounts for users that work in more than one office.  Keep them simple so they can remember what account to use where.

Perhaps, build something into the logon name for each roaming user that identifies the office.  The user can still use the same password for all accounts, just a different username for each office they work out of.

0
 

Author Comment

by:MHCC
ID: 17176120
That's a good idea. I will see if we can get that to work. Thanks for the tip!
0

Featured Post

New benefit for Premium Members - Upgrade now!

Ready to get started with anonymous questions today? It's easy! Learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question