Our organisation has an AD; all users are in the one OU. I administer a section of the users. We have a bunch of computers that I only want to allow logon by users in a particular AD group (i.e. users in my section). How might I go about this?
Windows – How to restrict Windows AD logon to a certain group
active-directorygroupsloginwindows
Related Topic
- Ldap – Restrict access to websites based on LDAP / Active Directory group membership
- How to configure auto-logon in Active Directory
- How to find which logon script is being run
- How to one automatically logon to multiple user accounts in Windows 2008 R2
- Apply GPO to user AD group when using computers in a certain OU
- Windows Group Policy – Allow Logon Locally for All Local Accounts and Some Domain Accounts
Best Answer
Group Policy depends on Active Directory, whether for security or normal policies, and therefore, it is crucial to understand Active Directory and its structure.
I would like you to go through this Microsoft KB article. I hope this will be useful for you, and the link I'm posting is for Windows 2000 as you did not mention for which Windows version you want to restrict.
For sake of time, search for a third party tool, as today there are many third party tools available which are made to manage Active Directory in an easy way.