Organization Unit Login

[Ricky]

Paul and Dragos

Can both tell me where can i find a document that could explain the
differences between the ways both talk?

Thanks
[]
Ricky

 

[Herb Martin]

Herb,

Yes. That is the goal. Thanks... can you tell me if exists a microsoft or
other type of document where explains the steps for the adive you just
give.

I doubt there is a Microsoft document for such -- they probably didn't
think of this idea explicitly.

And Paul also gave you a strategy using the Right to Logon Locally that
might be neater. (This thread.)

Just Google stuff like:

[ site:microsoft.com ~restrict logon locally OU | site ]

Or some such -- you might have to vary the search until you
get something close but don't be surprised if there is nothing
explicit for this.

 

[Paul Williams [MVP]]

I'm not aware of a document that spells out how to do this. The Threats and
Countermeasures guide might refer to such a setup for high security
environments. You use similar techniques when using server and domain IPSec
isolation.

High level instructions:

Create a test OU and move a computer account into there.
Perform the steps I mentioned previously - create and link a GPO and define
the logon locally right with admins and a custom group.
Reboot the computer in the temporary OU and get two user objects to try and
logon. One who's a member of the allowed group and one who isn't.