Niki Hammler wrote:
Ryan Novosielski schrieb:
Yes, the problem is that I've dozens of workstations where everyone
(approx. 600 users!) in LDAP should be allowed to login.
But there are a few workstations where only users should be allowed to
login who are members in some certain groups.
One of the options is to lookup windows tool ifmember.exe (in resource
kit). Place the ifmember.exe into %systemroot%\system32\ directory on
the clients. Than write and apply domain logon script, along the lines of:
if /I EQU %COMPUTERNAME%=(restricted PC's) goto RESTRICTEDLOGIN
:RESTRICTEDLOGIN
ifmember %permitted group% proceed with login else bug off.
Sorry, I don't have the time to write the script (neither the details
required for writing one for your situation), but it should be quite
straight forward. Depends on how many PC's and groups you are talking
about, you can make it a bit more fancy, easiest way though may be:
if /I %COMPUTERNAME% EQU "1st PC" goto RESTRICTEDLOGON1
if /I %COMPUTERNAME% EQU "2nd PC" goto RESTRICTEDLOGON2
:RESTRICTEDLOGON1
ifmember %1st PC group% proceed with login else bug off
:RESTRICTEDLOGON2
ifmember %2nd PC group% proceed with login else bug off
I think you got the picture.
Laco.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
