• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 762
  • Last Modified:

set temporary access using active directory security group

I have this security group called PA_ColorPrinterAccess in my domain infrastructure. I use this security group to manage access to a color printer. I add users manually and I remove users from this security group also manually after a while. What I want to do is to add a user for example TestUser in this security group and to allow this user to print on the color printer for only 2 days and after that this user to be removed automatically for this security group.
Thank you.    
1 Solution
You won't be able to do that with security groups.  Group membership is processed at logon.  So, if the user is added to the group, and then logs on, they will have permission to print to the printer.  If 2 days later, you remove them from the group, but the user does not re-logon, (they remain logged on from when they were a member) they will still be able to print.

If you want the permission to take effect immediately, you have to either remove the group or user from the printer's security tab.  That will have an immediate effect.  So if you are looking to really lock it down to 2 days, you need to adjust the setting at the printer level, not at the group membership level.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell┬« is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now