Thread-topic: Restricting Active Directory Logins To a Group of Computers
User-agent: Microsoft-Entourage/11.2.0.050811
Try putting the AD users in the OD group that is tied to a machine list.
Do this using WGM on a machine bound to both OD and AD. Get 2 windows open
showing each directory (use File > View Directory) - drag the AD users into
the OD group.
Its not great, as it requires a bit of management, but it should do the
job...
Let me know if I have been too vague here.
JK.
--
Justin Krisko
Editorial Systems Analyst
Time Inc Europe (IPC Media Ltd)
London, UK
Desk: +44 207 261 6829
Mob: +44 7985 207 334
AIM: email@hidden
> From: David Rocamora <email@hidden>
> Date: Wed, 28 Sep 2005 10:56:42 -0400
> To: <email@hidden>
> Conversation: Restricting Active Directory Logins To a Group of Computers
> Subject: Restricting Active Directory Logins To a Group of Computers
>
> I am in an environment with a Windows 2003 Active Directory server and many
> Macintosh (as well as windows) clients. I'm looking to get better control
> out of who can log in and out of Macintosh machines while maintaining a
> single sign on system using Active Directory.
>
> Following the instructions at: http://www.macwindows.com/ADinstruct.html . I
> have created an Open Directory server that can manage groups of Active
> Directory Users.
>
> What I cannot do is create a group of computers and restrict certain groups
> of Active Directory users from logging in. I can make groups that limit the
> logins of Open Directory users, but no matter what I do Active Directory
> users can always log in.
>
> Is there a way to do what I am trying to achieve while still using Active
> Directory user accounts?
>
> Thanks in advance for your help,
>
> David Rocamora
>
>
>
> This message is the property of R/GA and contains information which may be
> privileged or confidential. It is meant only for the intended recipients
> and/or their authorized agents. If you believe you have received this message
> in error, please notify us immediately by return e-mail or by forwarding this
> message to email@hidden, and destroy any printed or electronic copies of
> the message. Any unauthorized use, dissemination, disclosure, or copying of
> this message or the information contained in it, is strictly prohibited and
> may be unlawful. Thank you.
>
>
> This email and any files transmitted with it are confidential and intended
> solely for the use of the individual or entity to whom they are addressed. If
> you have received this email in error please notify the system manager. This
> message contains confidential information and is intended only for the
> individual named. If you are not the named addressee you should not
> disseminate, distribute or copy this e-mail.
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Client-management mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
> http://lists.apple.com/mailman/options/client-management/justin_krisko%40ipcme
> dia.com
>
> This email sent to email@hidden
-----------------------------------------------------------------------
This E-mail is from IPC Media Ltd whose registered office is at Kings
Reach Tower, Stamford Street, London SE1 9LS, registered number 53626.
The contents and any attachments to it include information that is
private and confidential and should only be read by those persons to
whom they are addressed. IPC Media accepts no liability for any loss or
damage suffered by any person arising from the use of this e-mail.
Neither IPC Media nor the sender accepts any responsibility for viruses
and it is your responsibility to check the email and attachments (if any).
No contracts may be concluded on behalf of IPC Media by means of e-mail
communications. If you have received this e-mail in error, please destroy
and delete the message from your computer. For unbeatable savings on
magazine subscriptions and great gift ideas visit www.giftmags.co.uk
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Client-management mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/client-management/email@hidden
This email sent to email@hidden
