set temporary access using active directory security group

Posted on 2008-11-13
Last Modified: 2012-05-05
I have this security group called PA_ColorPrinterAccess in my domain infrastructure. I use this security group to manage access to a color printer. I add users manually and I remove users from this security group also manually after a while. What I want to do is to add a user for example TestUser in this security group and to allow this user to print on the color printer for only 2 days and after that this user to be removed automatically for this security group.
Thank you.    
Question by:BetfairRomania
    1 Comment
    LVL 16

    Accepted Solution

    You won't be able to do that with security groups.  Group membership is processed at logon.  So, if the user is added to the group, and then logs on, they will have permission to print to the printer.  If 2 days later, you remove them from the group, but the user does not re-logon, (they remain logged on from when they were a member) they will still be able to print.

    If you want the permission to take effect immediately, you have to either remove the group or user from the printer's security tab.  That will have an immediate effect.  So if you are looking to really lock it down to 2 days, you need to adjust the setting at the printer level, not at the group membership level.


    Featured Post

    Enabling OSINT in Activity Based Intelligence

    Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

    Join & Write a Comment

    I'm sure that every Windows systems administrator has written, or at least used, a batch or VBS login script at some point in their career, whether it is to map network drives, install printers, or set some user preferences.  No more! With Window…
    Starting in Windows Server 2008, Microsoft introduced the Group Policy Central Store. This automatically replicating location allows IT administrators to have the latest and greatest Group Policy (GP) configuration settings available. Let’s expl…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
    This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now