
Limit users to logon only to computer that belong to user's domain

Author
10 Mar 2006 7:47 PM
Stefano Del Furia
Hi all,
I have 100 PCs used in 7 child domains in a single AD forest.
I would like to set a group policy so that a user can log on to his domain
only from PCs that belong to that
domain.

I know that there is an "AD users and computers" account setting for
granting access only to certain PCs, but I have 400 users and 100 PCs, and
doing it manually is a "very annoying game".
Could someone point me in the right direction ???
Thanks in advance
Stefano

Author
10 Mar 2006 8:03 PM
one3cap
I have never posted on here before, but hey, I'll give it a shot. What about a
GPO for the computers in that domain and the setting "Allow log on locally", and
add the Domain Users group only for that domain, because I am sure everyone is a
member of the Domain Users group in that domain. Just a thought, not telling
you the exact answer.

"Stefano Del Furia" wrote:

> Hi all,
> I have 100 PCs used in 7 child domains in a single AD forest.
> I would like to set a group policy so that a user can log on to his domain
> only from PCs that belong to that
> domain.
>
> I know that there is an "AD users and computers" account setting for
> granting access only to certain PCs, but I have 400 users and 100 PCs, and
> doing it manually is a "very annoying game".
> Could someone point me in the right direction ???
> Thanks in advance
> Stefano
>
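
One way to check that a PC really ended up with the "Allow log on locally" restriction suggested above, as an added example that is not part of the original thread. It parses the user-rights export that `secedit` produces and reports any principal other than Administrators and the PC's own Domain Users group. The INF text and the domain SID are constructed placeholders, and the function names are hypothetical.

```powershell
# Added example. The text below is constructed; on a real PC produce it with:
#   secedit /export /cfg C:\temp\rights.inf /areas USER_RIGHTS
$sampleInf = @'
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545,*S-1-5-21-1111111111-2222222222-3333333333-513
'@

# Constructed placeholder: SID of the domain this PC belongs to.
$ownDomainSid = 'S-1-5-21-1111111111-2222222222-3333333333'

function Get-InteractiveLogonSids {
    param([string]$InfText)
    # SeInteractiveLogonRight is the INF name of "Allow log on locally".
    foreach ($line in $InfText -split "`r?`n") {
        if ($line -match '^\s*SeInteractiveLogonRight\s*=\s*(.*)$') {
            return @($Matches[1] -split ',' |
                ForEach-Object { $_.Trim().TrimStart('*') } |
                Where-Object { $_ })
        }
    }
    return @()
}

function Test-LogonRestrictedToDomain {
    param([string]$InfText, [string]$DomainSid)
    # Allowed: built-in Administrators and the Domain Users group (RID 513)
    # of the PC's own domain. Anything else, including account names that
    # secedit could not map to a SID, is reported as unexpected.
    $allowed = @('S-1-5-32-544', "$DomainSid-513")
    $found   = @(Get-InteractiveLogonSids -InfText $InfText)
    $extra   = @($found | Where-Object { $allowed -notcontains $_ })
    [pscustomobject]@{
        Restricted = ($found.Count -gt 0 -and $extra.Count -eq 0)
        Unexpected = $extra
    }
}

Test-LogonRestrictedToDomain -InfText $sampleInf -DomainSid $ownDomainSid |
    Format-List
```

The constructed sample still lists the built-in Users group (S-1-5-32-545), which on a domain-joined PC contains Authenticated Users by default, so it is reported as unexpected: adding Domain Users is not enough unless the broader default entries are removed from the right.
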
Author
11 Mar 2006 3:08 AM
Paul Bergson
I have one OU whose users aren't allowed to log on to any machine; it is
only used for domain web access.  I have set up a GPO on this OU that
completely locks all access down.  No icons on desktop, no programs on the
start menu, etc...  I have also included a logoff script which executes
logoff.exe.

If you wanted to use something similar you could place users in a group that
was denied Apply for the GPO.  That way any users who don't belong to this
group would execute the logoff script.  The reason the lockdown is set up is
so if the users are able to stop the logoff script they still have no access
to anything else.

http://www.ss64.com/nt/logoff.html

--


Paul Bergson  MCT, MCSE, MCSA, CNE, CNA, CCA
http://www.pbbergs.com/

This posting is provided "AS IS" with no warranties, and confers no rights.


"Stefano Del Furia" <de***@tech-center.com> wrote in message
news:op.s57qk5mtvqn431@nemo...
> Hi all,
> I have 100 PCs used in 7 child domains in a single AD forest.
> I would like to set a group policy so that a user can log on to his domain
> only from PCs that belong to that
> domain.
>
> I know that there is an "AD users and computers" account setting for
> granting access only to certain PCs, but I have 400 users and 100 PCs, and
> doing it manually is a "very annoying game".
> Could someone point me in the right direction ???
> Thanks in advance
> Stefano