[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


set temporary access using active directory security group

Posted on 2008-11-13
Medium Priority
Last Modified: 2012-05-05
I have this security group called PA_ColorPrinterAccess in my domain infrastructure. I use this security group to manage access to a color printer. I add users manually and I remove users from this security group also manually after a while. What I want to do is to add a user for example TestUser in this security group and to allow this user to print on the color printer for only 2 days and after that this user to be removed automatically for this security group.
Thank you.    
Question by:BetfairRomania
1 Comment
LVL 16

Accepted Solution

robrandon earned 375 total points
ID: 22950257
You won't be able to do that with security groups.  Group membership is processed at logon.  So, if the user is added to the group, and then logs on, they will have permission to print to the printer.  If 2 days later, you remove them from the group, but the user does not re-logon, (they remain logged on from when they were a member) they will still be able to print.

If you want the permission to take effect immediately, you have to either remove the group or user from the printer's security tab.  That will have an immediate effect.  So if you are looking to really lock it down to 2 days, you need to adjust the setting at the printer level, not at the group membership level.


Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question