Thanks for the pointers I have managed to get this working using a combo of dsquery, net user, and a good ol' fashioned scheduled task
Cheers, 2009/3/2 Carl Houseman <c.house...@gmail.com> > User account restrictions are not manipulated via GPO. You (or someone) > could construct a script that runs periodically to scan an OU and make sure > all accounts in the OU have a certain configuration of "log on to". So > there is "a way to do this", it just might not be the way you wanted... > > > > Carl > > > > *From:* James Rankin [mailto:kz2...@googlemail.com] > *Sent:* Monday, March 02, 2009 5:53 AM > *To:* NT System Admin Issues > *Subject:* GPO question > > > > Mornin' all > > I don't think this is possible, but...is there a way to set a GPO so that > users in a particular OU are restricted to logging on to a few servers? I am > looking really for something to manipulate the user's "Log On To" settings > in Active Directory rather than the "Allow log on locally" user right on the > machine itself. I don't think there is a way to do this, but does anyone > have any ideas? > > TIA, > > > > JRR > > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
