none
How to restrict multiple users log on to a specific group PCs by cmd!!! RRS feed

  • Question

  • Hi all,

    Currently, I have to limit a group Users log on to a specific multiple PCs

    I can do that by "Account tab/ Log on to" in each User property, but it take much time to do for multiple User and PCs

    Is there any more effective way to archive this by cmd/powershell, if User and PC list are avaiable

    Thanks

    Friday, July 22, 2016 6:19 AM

Answers

  • You can use get-aduser and set-aduser commandlets in powershell

    e.g.

    $Users=Get-ADUser -Filter * -Properties LogonWorkstations | ?{$_.LogonWorkstations}
    
    $Users| Set-ADUser -LogonWorkstations "Workstation_Name"
    


    my blog: http://shserg.ru/

    • Marked as answer by TaiNL Monday, July 25, 2016 1:18 AM
    Friday, July 22, 2016 8:19 AM
  • You can easily do this:

    Get-ADUser -Filter * -SearchRoot <dn> | Set-ADUser -LogonWorkstations  'ws001,ws002,ws003'

    Get-AdGroupMember usergroup  | Set-ADUser -LogonWorkstations  'ws001,ws002,ws003'

    'john','jane','mary','ted' | Set-ADUser -LogonWorkstations  'ws001,ws002,ws003'


    \_(ツ)_/




    Friday, July 22, 2016 2:15 PM
  • Because I have no experience about PS, Could you show me detail PS command with below specific situation

    I want to add all members in group "InternGP" to acess all PCs in group "InternPC"

    Thanks so much!!!!


    Sorry but we cannot write scripts for you. It is not the purpose of this forum.

    \_(ツ)_/

    • Marked as answer by TaiNL Wednesday, July 27, 2016 2:35 AM
    Monday, July 25, 2016 4:42 AM
  • LogonWorkstations can only be a string of computer names.  You can use an array and convert to a string.

    $stations=Get-Content computers.txt
    $stationlist=$stations -join ','


    \_(ツ)_/

    • Marked as answer by TaiNL Tuesday, August 2, 2016 7:38 AM
    Tuesday, August 2, 2016 6:48 AM

All replies

  • You can use get-aduser and set-aduser commandlets in powershell

    e.g.

    $Users=Get-ADUser -Filter * -Properties LogonWorkstations | ?{$_.LogonWorkstations}
    
    $Users| Set-ADUser -LogonWorkstations "Workstation_Name"
    


    my blog: http://shserg.ru/

    • Marked as answer by TaiNL Monday, July 25, 2016 1:18 AM
    Friday, July 22, 2016 8:19 AM
  • You can easily do this:

    Get-ADUser -Filter * -SearchRoot <dn> | Set-ADUser -LogonWorkstations  'ws001,ws002,ws003'

    Get-AdGroupMember usergroup  | Set-ADUser -LogonWorkstations  'ws001,ws002,ws003'

    'john','jane','mary','ted' | Set-ADUser -LogonWorkstations  'ws001,ws002,ws003'


    \_(ツ)_/




    Friday, July 22, 2016 2:15 PM
  • Thanks for your assist,

    I will test to map for a group User and a group PC

    If facing trouble, I will tell you

    Thanks

    Monday, July 25, 2016 1:19 AM
  • Because I have no experience about PS, Could you show me detail PS command with below specific situation

    I want to add all members in group "InternGP" to acess all PCs in group "InternPC"

    Thanks so much!!!!

    Monday, July 25, 2016 3:29 AM
  • Because I have no experience about PS, Could you show me detail PS command with below specific situation

    I want to add all members in group "InternGP" to acess all PCs in group "InternPC"

    Thanks so much!!!!


    Sorry but we cannot write scripts for you. It is not the purpose of this forum.

    \_(ツ)_/

    • Marked as answer by TaiNL Wednesday, July 27, 2016 2:35 AM
    Monday, July 25, 2016 4:42 AM
  • Thanks for your help,

    But I'm trying to set -logonworstation for multiple PCs ( 60 PCs)

    Get-AdGroupMember usergroup  | Set-ADUser -LogonWorkstations  'ws001,ws002,ws003'

    But because we have a lot of PCs. So, it seems have a limitation for windows powershell.

    Are there anyway to replace 'ws001,ws002,ws003' by a group name?

    Tuesday, August 2, 2016 6:42 AM
  • LogonWorkstations can only be a string of computer names.  You can use an array and convert to a string.

    $stations=Get-Content computers.txt
    $stationlist=$stations -join ','


    \_(ツ)_/

    • Marked as answer by TaiNL Tuesday, August 2, 2016 7:38 AM
    Tuesday, August 2, 2016 6:48 AM