?
Solved

Restrict Logon to Computers in an Organizational Unit

Posted on 2007-03-22
4
Medium Priority
?
976 Views
Last Modified: 2012-06-27
I am running a winodws 2003 forest with only one domain. In this domain I have created three Organizational Units for the purpose of grouping my computers in the domain namely OU1, OU2, OU3. Each of these Organizational Units consists of about 500 Computers. I also have created three more Organizational Units for the purpose of grouping my users namely UserGroup1, UserGroup2, UserGroup3. Currently what any user can logon to any computer. I now want to device a policies which would only allow 1) UserGroup1 to only Logon to OU1     2) UserGroup2 to only Logon to OU2    3) UserGroup3 to only logon to OU3. That is to say I do not want users in UserGroup1 to be able to logon to computers that are in OU3. How do I implement such a policy.  
0
Comment
Question by:nyathim
  • 2
4 Comments
 
LVL 70

Expert Comment

by:KCTS
ID: 18772220
I can't think of any way in which this can be done with group policy.
0
 
LVL 19

Accepted Solution

by:
aissim earned 1000 total points
ID: 18773460
Give this a try:
First you'll have to create 3 security groups - one for each of your user OU's (we'll say SecUser1, SecUser2, SecUser3). Then you'll create three different GPO's, one assigned to each of your computer OU's.
Edit each of the GPO's and navigate to Computer Configuration | Windows Settings | Security Settings | Local Policies | User Rights Assignment | 'Allow log on locally'....define this setting and only allow SecUser1 group for the OU1 GPO.....SecUser2 group for the OU2 GPO...etc.

Good luck!
0
 
LVL 40

Expert Comment

by:Vadim Rapp
ID: 18773674
in addition to what asissim said: this policy setting won't allow you to only allow secuser1 etc.; it will require that Administrators should also be granted this permission. So you add local administrators; then you will have to ensure that local administrators group on all machines does not include domain users.
0
 
LVL 19

Expert Comment

by:aissim
ID: 18773883
Good point! Forgot that part...
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Loops Section Overview
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question