Restrict user logon access to computers

Hello there,

I'm running a network based on Windows Server 2003 SP1 Enterprise Edition. My question is whether it is possible to restrict logon access to the users to specific computers, so that they cannot logon to all computers in the network - locally, that is.
I know that it is possible to go to each user's object in AD and specify the computers in 'Log On To...", but I was wondering whether there is a 'batch' way to do this through group policy or some script.
Thanks in advance.
ntossiouAsked:
Who is Participating?
 
PberConnect With a Mentor Solutions ArchitectCommented:
You can do limited batch processing from from ADUC.

Just select multiple users with ithe ADUC console (CTRL+Click) or (SHIFT+Click)

The right click the highlighted users and select properties then just select Account Computer Restrictions and Log On to.

This will only work if the group of users is restricted to the same machines.

Other than that, it can be scripted.
0
 
ntossiouAuthor Commented:
Pber,

Thanks for the quick reply. Any example scripts you could provide?
0
All Courses

From novice to tech pro — start learning today.