Archived from groups: microsoft.public.win2000.active_directory (More info?)
Hello,
I have two classes of users rather like staff and guests and they're
generally in different locations. The staff have NT4 crates / 2k
Terminal Server clients and the guests have XP SP2s. Both use the same
domain.
Active directory sits on W2k server.
I'd like to stop each group from using the other's PCs. I could use
the "Log On To..." on the account tab of the user object but with ~100
users and crates that's too much admin.
Can I manage this with groups? I don't see a policy setting that would
work - but then you need to be logged on for the policy to be applied
so I guess a policy isn't the right approach.
I've put the two sets of PCs in different OUs and fully denied access
to the group I wish to stop logging on but that has no effect.
Any help apprecated,
Peter
Hello,
I have two classes of users rather like staff and guests and they're
generally in different locations. The staff have NT4 crates / 2k
Terminal Server clients and the guests have XP SP2s. Both use the same
domain.
Active directory sits on W2k server.
I'd like to stop each group from using the other's PCs. I could use
the "Log On To..." on the account tab of the user object but with ~100
users and crates that's too much admin.
Can I manage this with groups? I don't see a policy setting that would
work - but then you need to be logged on for the policy to be applied
so I guess a policy isn't the right approach.
I've put the two sets of PCs in different OUs and fully denied access
to the group I wish to stop logging on but that has no effect.
Any help apprecated,
Peter
Facebook
Twitter
Instagram