Yes I've done that before, although not for this type of user. It's still something I would have to maintain vs. dumping someone in an OU. I could swear restricting users to just the exchange server broke something else when I originally tried years ago but I can't remember what. Will just have to test. Thanks
________________________________ From: David Lum [mailto:[email protected]] Sent: Tuesday, December 20, 2011 8:49 AM To: NT System Admin Issues Subject: RE: GPO - Deny Logon Locally to everyone in OU? Set properties so they can only log onto that one server "Log on to" in the "account" tab. Dave From: N Parr [mailto:[email protected]] Sent: Tuesday, December 20, 2011 6:38 AM To: NT System Admin Issues Subject: GPO - Deny Logon Locally to everyone in OU? So I have an OU that contains users that exist only so they can have an email address. I don't want them to be able to log on locally to any workstation. But they still need to have logon access to the exchange server for their webmail and in a lot of cases I have workstations with generic logons and multiple outlook profiles configured. Users constantly think because they have a logon they can log on to any computer. I found this article that seems to give me one solution. http://www.petri.co.il/forums/showthread.php?t=10183 I would prefer to use AD to accomplish this, not a script. This article is rather old referenced 03 AD and I'm on 08R2 now. Just asking if anyone else has done this with another or easier solution. I thought about just assigning these people a logon script that issues a logoff command but the username is case sensitive in a logon script and it would be a pain to manage. Only concern I have is making sure everyone has logon access exchange so they can get their mail. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
