Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Script to change a user's group membership based on location of computer

Posted on 2006-07-24
6
226 Views
Last Modified: 2010-08-05
This one might be a little tricky, but any help is greatly appreciated.

I already know how to create a script that can check the group membership of a computer.  However, I want to know if it is possible to run a script that will change a USER's group membership depending on what computer that user logs into.

For example. I work at a hospital, and we have probably a dozen or so Clinical Doctor's offices.  Each doctor has nursing and reception staff that can vary from day to day.  The staff in Dr. A's office one day might be in Dr. C's office the next day.

That's where a script like this would come in handy.  Each of our computers is placed in a group that corresponds with the location of that computer.  Is there any way that I could automatically at logon, using a script,  grant membership for the current user to the group that corresponds with the computer's location?  In this way we would be able to limit access to the Dr's calendar, network folders, printers, etc. without having the manually change the group membership ourselves.

Thanks in advance! Let me know if I can clarify my problem further!

Jason

0
Comment
Question by:MHCC
  • 3
  • 3
6 Comments
 
LVL 51

Accepted Solution

by:
Netman66 earned 500 total points
ID: 17170441
You can script this, yes.  But in order for it to take effect, the users must log out and back in.  

0
 

Author Comment

by:MHCC
ID: 17170812
Is that necessary so the group membership settings take effect? That probably won't work... Any suggestions on another way to accomplish the same goal?
0
 
LVL 51

Expert Comment

by:Netman66
ID: 17171205
Yes, absolutely.  Until the next logon they won't have their Security Token updated with their new group membership.

If this is all one domain then just create Global Groups that allow access to the appropriate resources.  For staff that work several offices then they'll belong to multiple groups.  I see no security issue with this.

If it's a workgroup, then the only thing you can do is issue a Generic account for each office for the staff to use.

0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 

Author Comment

by:MHCC
ID: 17171253
It's a single domain.  There really is no security issue, it's just that the doctors do not want other offices to have immediate access to their schedules and files, etc. It's not necessarily a security issue, just a point of pickiness with the Doctors, to whom much pandering is done.  Although, I could see it being a potential HIPAA Privacy issue with all these separate offices potentially having acces to each other's patient data through their employees.

In any case, thanks for the information.

Jason
0
 
LVL 51

Expert Comment

by:Netman66
ID: 17171362
Understand.

I would create separate user accounts for users that work in more than one office.  Keep them simple so they can remember what account to use where.

Perhaps, build something into the logon name for each roaming user that identifies the office.  The user can still use the same password for all accounts, just a different username for each office they work out of.

0
 

Author Comment

by:MHCC
ID: 17176120
That's a good idea. I will see if we can get that to work. Thanks for the tip!
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
Learn about cloud computing and its benefits for small business owners.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question