User account restrictions are not manipulated via GPO. You (or someone) could construct a script that runs periodically to scan an OU and make sure all accounts in the OU have a certain configuration of "log on to". So there is "a way to do this", it just might not be the way you wanted...
Carl From: James Rankin [mailto:[email protected]] Sent: Monday, March 02, 2009 5:53 AM To: NT System Admin Issues Subject: GPO question Mornin' all I don't think this is possible, but...is there a way to set a GPO so that users in a particular OU are restricted to logging on to a few servers? I am looking really for something to manipulate the user's "Log On To" settings in Active Directory rather than the "Allow log on locally" user right on the machine itself. I don't think there is a way to do this, but does anyone have any ideas? TIA, JRR ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
