Experts Exchange > Questions > How to restrict service account login to just the computers contained in 1 OU without specifying all the computers it can login to (in the properties of the service account)?
I would like a new service account we have to ONLY be able to login to computers contained in a specific OU. This OU has many computer accounts contained in sub OU's so I do not want to list each computer in the service accounts' properties (under the "Log On To..." button).
Is this possible via GPO? or some other solution?
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …