We have an interesting problem. Basically what i need to do is limit what computers a user will logon to. If you open up a user AD account and click on the account tab you'll see the Logon To button. in there, you can specify which computers a user is allowed to logon to. By default, it's set to "ALL Comptuers". What I want to do is set it to "The following computeres". More specifically, I want this requirement to only be placed on a certain ou. So anytime a user is created in the specified OU, the logon to check box is defaulted to "the following computer". Any idea how to do this?
Bear in mind that because it is a computer-specific policy you will need to link the GPO to COMPUTER accounts, then use security filtering to restrict it to just one group of users.