+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 18 of 18
Windows 8 Thread, Disable logon for group but allow login for one user in that group in Technical; Originally Posted by themightymrp I think @ sted is on the right lines with breaking things into smaller groups. Split ...
  1. #16


    Join Date
    Mar 2009
    Location
    Leeds
    Posts
    6,593
    Thank Post
    228
    Thanked 856 Times in 735 Posts
    Rep Power
    296
    Quote Originally Posted by themightymrp View Post
    I think @sted is on the right lines with breaking things into smaller groups. Split you staff laptops OU into departments, and split your member of staff into departments. Then you could just allow Maths teachers to log onto Maths laptops. The admin side of doing this is not massive and at least you can narrow down the culprits a little better.

    You could still deny student logons overall to the staff laptops using the GPO mentioned at the beginning
    i still think if it really must be one to one bitlocker and pin/usb stick is easiest as long as people turn them off and dont share pins/usb drives and even if they do leave them on person 2 can only use it until its turned off

  2. #17

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,568 Times in 1,250 Posts
    Rep Power
    340
    Quote Originally Posted by william_tropico View Post
    I should say that we have teacher desktops in each room so the method mentioned about would not be feasible. Would take too much effort to set up every computer with access.

    Thank you,
    William
    Unless you can do something fancy using Powershell and a CSV, but otherwise maybe something third party is required?

    I agree it's one major flaw in Active Directory and Microsoft need to add more options in this area.

  3. #18

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,174
    Thank Post
    868
    Thanked 2,703 Times in 2,289 Posts
    Blog Entries
    11
    Rep Power
    773
    If it is locked to the user you need a machine GPO for each staff user then apply that either with individual ou per laptop or wmi filtering on the host name per policy applied to the laptops.



    The administrators group will always be allowed through.

    We had to do this for our office machines as the teachers kept logging in and breaking them.
    Last edited by SYNACK; 9th June 2014 at 12:14 PM.

SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. Block vbs cmd but allow login scripts etc
    By itgeek in forum Windows
    Replies: 7
    Last Post: 1st April 2014, 04:07 PM
  2. IE group policy not working for some users in same groups?
    By reggiep in forum Windows Server 2008 R2
    Replies: 2
    Last Post: 23rd September 2013, 01:00 PM
  3. Replies: 2
    Last Post: 22nd October 2012, 01:19 PM
  4. Replies: 2
    Last Post: 1st July 2009, 10:46 AM
  5. Replies: 1
    Last Post: 7th September 2007, 02:16 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •