Script to Add Computers Users Can Log On To In AD

We have a Server 2003 environment.  We currently restrict our users from logging on to other computers in AD by specifying what computers they each can Log on to.

The problem we are having is when we add a new server or training computer that all users will be able to log on to, we have to manually go an add this computer/server to each user.  Isn't there a faster way of doing this with some kind of scripting?  I've tried researching it but I keep coming up with Logon scripts like to map drives and printers.  I'm looking for a script that I can run and will add the new computer/server too all users in AD without the need to manually go and add it to each user myself.

Thanks
ozzalotAsked:
Who is Participating?
 
Mike KlineConnect With a Mentor Commented:
Or you could just get a away from using the "log on to" method.   There are two group policies

Logon Locally  http://msdn.microsoft.com/en-us/library/ms813954.aspx

Deny Logon Locally http://msdn.microsoft.com/en-us/library/ms813877.aspx

You could create a GPO and define who is allowed to login or if you want who to deny.   Place the machines in an OU and link the GPO at that level.

Thanks

Mike
0
 
ozzalotAuthor Commented:
Mkline

So using those methods, what would the "Log on to" properties in AD for the users be?  All computers?
0
 
ozzalotAuthor Commented:
Sorry for the delay in answering back
0
All Courses

From novice to tech pro — start learning today.