--
Herb Martin
Glenn C said:
Sorry I guess I should have been more detailed...
I have 650 wkstns, 2500 users, these are all in a domain broken down by
each school (12). I want to block all students from logging onto a few
specific machines (admin) computers. The student GPO is globally the same
for all sites so this would affect all the sites if modified, the same with
the teacher GPO.
You can make additional GPOs if we can find an easy way
for you to accomplish the goal.
So I was wondering if in active dirrectory users and computers I can
elimated say the authenticated users from specific machines in the
security tab and just add the teacher group?
No, "Authenticated Users" is an AUTOMATIC group like
Everyone, but essentially this idea is what Cary and I were
discussing for you but using Users membership on the
workstations and a group, either new and existing to
grant the right ONLY to them by adding them to "Users"
and removing the default "Domain Users" from it.
Or if you can think of any way to accomplish this. I know the brain food I
have been eating has not helped me lately except my girth...
We can accomplish it -- by modifying the group memberships,
but it is tedious -- changing each machine so we are trying to
figure out a way to do it with GPOs using the Restricted
Group feature.