? That shows how to do it on a per-computer basis. I found lots of references to that on Google before posting. ;-) Finding a GP way to do it eludes me, but Dean's suggestion has probably led me to a non-GP way to do it once at the OU level. It took me a while to find it even with his suggestion, but once I changed the advanced ACL editor to computer objects instead of child objects, the allowed to auth right appeared.
Heck; I'll still buy you both a beer for helping me out at this hour. :-) ********************** Charlie Kaiser W2K3 MCSA/MCSE/Security Systems Engineer Essex Credit / Brickwalk 510 595 5083 ********************** > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Akomolafe, Deji > Sent: Monday, November 27, 2006 6:49 PM > To: [email protected] > Subject: RE: [ActiveDir] Selective auth, "allowed to auth" > right, group policy > > http://technet2.microsoft.com/WindowsServer/en/library/b4d9643 > 4-0fde-4370-bd29-39e4b3cc7da81033.mspx?mfr=true > > You owe me a beer for making me do your google :) > > > Sincerely, > _____ > (, / | /) /) /) > /---| (/_ ______ ___// _ // _ > ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_ > (_/ /) > (/ > Microsoft MVP - Directory Services > www.akomolafe.com > <x-excid://32770000/uri:http://www.akomolafe.com> - we know IT > -5.75, -3.23 > Do you now realize that Today is the Tomorrow you were > worried about Yesterday? -anon > > ________________________________ > > From: Charlie Kaiser > Sent: Mon 11/27/2006 5:28 PM > To: [email protected] > Subject: [ActiveDir] Selective auth, "allowed to auth" right, > group policy > > > I have to add the "allowed to auth" right to a large number of > workstations so that workstation admins from another domain can access > them. Instead of adding that right to each computer object, is there a > way to do it with group policy at the OU level? I haven't been able to > find it. It's a painful manual process. > > We're using a selective auth external trust between forests. For other > reasons, we can't set up a "normal" trust. > > Thanks... > > ********************** > Charlie Kaiser > W2K3 MCSA/MCSE/Security > Systems Engineer > Essex Credit / Brickwalk > 510 595 5083 > ********************** > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/[email protected]/ > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/[email protected]/
