asked on
Force Logon To Workstaion field to be populated
All,
We have an interesting problem. Basically what i need to do is limit what computers a user will logon to. If you open up a user AD account and click on the account tab you'll see the Logon To button. in there, you can specify which computers a user is allowed to logon to. By default, it's set to "ALL Comptuers". What I want to do is set it to "The following computeres". More specifically, I want this requirement to only be placed on a certain ou. So anytime a user is created in the specified OU, the logon to check box is defaulted to "the following computer". Any idea how to do this?
We have an interesting problem. Basically what i need to do is limit what computers a user will logon to. If you open up a user AD account and click on the account tab you'll see the Logon To button. in there, you can specify which computers a user is allowed to logon to. By default, it's set to "ALL Comptuers". What I want to do is set it to "The following computeres". More specifically, I want this requirement to only be placed on a certain ou. So anytime a user is created in the specified OU, the logon to check box is defaulted to "the following computer". Any idea how to do this?
Active Directory
Last Comment
tigermatt
ASKER
Doesn't look like what i want can be done. Closing this questions.
ASKER
Doesn't appear that what i want to do can be done.
It can be done. Use the Group Policy approach which I suggested; it wouldn't be for an entire OU, instead it would be for a security group containing the users you want to lock down.
ASKER
We are under compliance to be able to audit 1 computer per user. If we did it your way, then all users in that security group would have admin rights to all computers in that OU. What i invesioned was when a tech created an AD account that they be forced to populate the users computer with it.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Thanks, esbfern!
-tigermatt
-tigermatt
Bear in mind that because it is a computer-specific policy you will need to link the GPO to COMPUTER accounts, then use security filtering to restrict it to just one group of users.
-tigermatt