Link to home
Avatar of waltforbes
waltforbesFlag for Bahamas

asked on

What command or script can apply a set of permissions to all computer accounts in a domain?

Points of My Scenario:


1. My domain A has a selective, cross-forest trust with domain B (A trusts B).


2. I enable users in domain B to logon to Windows hosts in domain A by granting domain-B\Domain Users group the "Read" and "Allowed to authenticate" permissions on domain-A's computer accounts.


3. I need to configure the above permission on all computer accounts in domain A (hundreds of computer accounts).


QUESTION: What command or script can I use to set such permissions on all computer accounts in Domain A?


Avatar of Michael Pfister
Michael Pfister
Flag of Germany image

Grant the permission to the OU where the computer accounts are located. Inheritance will enable it to all computer accounts below
Avatar of waltforbes

ASKER

Sadly, the "Allowed to authenticate" permission is not available for the OU object. It seems only available for the computer object.
ASKER CERTIFIED SOLUTION
Avatar of Michael Pfister
Michael Pfister
Flag of Germany image

Blurred text
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
OMG! EUREKA! I found it --- AND --- it works!! I applied it at the top level computer OU object, and it was inherited by the member servers in the OU tree! Many thanks Pfister. You've just made life much more pleasant for me! Lol!