Solved

Script to Add Computers Users Can Log On To In AD

Posted on 2011-02-22
3
556 Views
Last Modified: 2012-05-11
We have a Server 2003 environment.  We currently restrict our users from logging on to other computers in AD by specifying what computers they each can Log on to.

The problem we are having is when we add a new server or training computer that all users will be able to log on to, we have to manually go an add this computer/server to each user.  Isn't there a faster way of doing this with some kind of scripting?  I've tried researching it but I keep coming up with Logon scripts like to map drives and printers.  I'm looking for a script that I can run and will add the new computer/server too all users in AD without the need to manually go and add it to each user myself.

Thanks
0
Comment
Question by:ozzalot
  • 2
3 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 34953319
Or you could just get a away from using the "log on to" method.   There are two group policies

Logon Locally  http://msdn.microsoft.com/en-us/library/ms813954.aspx

Deny Logon Locally http://msdn.microsoft.com/en-us/library/ms813877.aspx

You could create a GPO and define who is allowed to login or if you want who to deny.   Place the machines in an OU and link the GPO at that level.

Thanks

Mike
0
 

Author Comment

by:ozzalot
ID: 34960515
Mkline

So using those methods, what would the "Log on to" properties in AD for the users be?  All computers?
0
 

Author Closing Comment

by:ozzalot
ID: 35111996
Sorry for the delay in answering back
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
In-place Upgrading Dirsync to Azure AD Connect
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question