[gptalk] Re: Disabling Computer Accounts

• From: "Darren Mar-Elia" <darren@xxxxxxxxxx>
• To: <gptalk@xxxxxxxxxxxxx>
• Date: Thu, 25 Jan 2007 08:45:09 -0800

Neil-
First off, the Computers container is not an OU, so you can't link a GPO to
it. You can only link it to the domain to effect those machines and then
that GPO would apply to all computers unless you managed the security
permissions around it. I think your better bet is to make sure that all new
computer accounts added to the domain are sent to a particular OU. Server
2003 includes redircomp.exe that lets you change the default location that
new computer accounts are sent to. You could then use a GPO linked to that
"holding" OU to lock down those systems.

Darren

-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of neil@xxxxxxxxxxxxxxxx
Sent: Thursday, January 25, 2007 8:04 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Disabling Computer Accounts

Hi all,

Does anyone have any ideas on how best to achieve the following.

I need to make a computer that is intially built into the domain -
virtually unusable until it is placed in the correct OU.

I had thought of applying a very restrictive GPO to the default computers
OU which made it unusable but not quite sure which settings to apply and
if there are any issues with doing this.

It is bascially to stop people bypassing build procedures and policies and
not putting the computer into the correct OU.

Thanks for any thoughts :)

Neil
***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by
logging into the freelists.org Web interface. Archives for the list are
available at //www.freelists.org/archives/gptalk/
************************

***********************
You can unsubscribe from gptalk by sending email to 
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by 
logging into the freelists.org Web interface. Archives for the list are 
available at //www.freelists.org/archives/gptalk/
************************

• Follow-Ups:
  • [gptalk] Re: Disabling Computer Accounts
    • From: neil
  • [gptalk] Re: Disabling Computer Accounts
    • From: Chris Williams

• References:
  • [gptalk] Disabling Computer Accounts
    • From: neil

Other related posts:

• » [gptalk] Disabling Computer Accounts
• » [gptalk] Re: Disabling Computer Accounts
• » [gptalk] Re: Disabling Computer Accounts
• » [gptalk] Re: Disabling Computer Accounts
• » [gptalk] Re: Disabling Computer Accounts
• » [gptalk] Re: Disabling Computer Accounts
• » [gptalk] Re: Disabling Computer Accounts
• » [gptalk] Re: Disabling Computer Accounts
• » [gptalk] Re: Disabling Computer Accounts
• » [gptalk] Re: Disabling Computer Accounts
• » [gptalk] Re: Disabling Computer Accounts
• » [gptalk] Re: Disabling Computer Accounts
• » [gptalk] Re: Disabling Computer Accounts
• » [gptalk] Re: Disabling Computer Accounts
• » [gptalk] Re: Disabling Computer Accounts
• » [gptalk] Re: Disabling Computer Accounts
• » [gptalk] Re: Disabling Computer Accounts
• » [gptalk] Re: Disabling Computer Accounts
• » [gptalk] Re: Disabling Computer Accounts

1. Home
2. gptalk
3. Archive
4. 01-2007

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---