Solved

Script to Add Computers Users Can Log On To In AD

Posted on 2011-02-22
3
553 Views
Last Modified: 2012-05-11
We have a Server 2003 environment.  We currently restrict our users from logging on to other computers in AD by specifying what computers they each can Log on to.

The problem we are having is when we add a new server or training computer that all users will be able to log on to, we have to manually go an add this computer/server to each user.  Isn't there a faster way of doing this with some kind of scripting?  I've tried researching it but I keep coming up with Logon scripts like to map drives and printers.  I'm looking for a script that I can run and will add the new computer/server too all users in AD without the need to manually go and add it to each user myself.

Thanks
0
Comment
Question by:ozzalot
  • 2
3 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 34953319
Or you could just get a away from using the "log on to" method.   There are two group policies

Logon Locally  http://msdn.microsoft.com/en-us/library/ms813954.aspx

Deny Logon Locally http://msdn.microsoft.com/en-us/library/ms813877.aspx

You could create a GPO and define who is allowed to login or if you want who to deny.   Place the machines in an OU and link the GPO at that level.

Thanks

Mike
0
 

Author Comment

by:ozzalot
ID: 34960515
Mkline

So using those methods, what would the "Log on to" properties in AD for the users be?  All computers?
0
 

Author Closing Comment

by:ozzalot
ID: 35111996
Sorry for the delay in answering back
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn about cloud computing and its benefits for small business owners.
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now