[gptalk] Re: Disabling Computer Accounts

  • From: "Chris Williams" <CWilliams@xxxxxxxxxxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Thu, 25 Jan 2007 09:52:48 -0800

Darren,

  My apologies for not mentioning that the PCs are in an OU called
WorkstationsXP...

Chris

-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Darren Mar-Elia
Sent: Thursday, January 25, 2007 8:45 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Disabling Computer Accounts

Neil-
First off, the Computers container is not an OU, so you can't link a GPO
to it. You can only link it to the domain to affect those machines and
then that GPO would apply to all computers unless you managed the
security permissions around it. I think your better bet is to make sure
that all new computer accounts added to the domain are sent to a
particular OU. Server 2003 includes redircomp.exe that lets you change
the default location that new computer accounts are sent to. You could
then use a GPO linked to that "holding" OU to lock down those systems.

Darren

-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of neil@xxxxxxxxxxxxxxxx
Sent: Thursday, January 25, 2007 8:04 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Disabling Computer Accounts

Hi all,

Does anyone have any ideas on how best to achieve the following.

I need to make a computer that is initially built into the domain -
virtually unusable until it is placed in the correct OU.

I had thought of applying a very restrictive GPO to the default
computers OU which made it unusable but not quite sure which settings
to apply and if there are any issues with doing this.

It is basically to stop people bypassing build procedures and policies
and not putting the computer into the correct OU.

Thanks for any thoughts :)

Neil
***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR
by
logging into the freelists.org Web interface. Archives for the list are
available at http://www.freelists.org/archives/gptalk/
************************
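
The holding-OU approach described in the thread can be paired with a periodic check for machines that were never moved on. The PowerShell below is an added example, not code from any poster in the thread; the domain example.com, the OU=Holding name, the 7-day threshold and the sample rows are assumptions, and the function names are hypothetical.

```powershell
# Added example; the domain, holding OU and sample rows are constructed.
# One-time redirect (run as a domain admin):
#   redircomp.exe "OU=Holding,DC=example,DC=com"
# (Get-ADDomain).ComputersContainer shows where new accounts currently land.
# Live input: Get-ADComputer -Filter * -Properties whenCreated

function Get-ParentDN {
    param([string]$DistinguishedName)
    # Drop the first RDN; the pattern skips commas escaped as "\," in a name.
    $DistinguishedName -replace '^(?:[^,\\]|\\.)+,', ''
}

function Find-UnplacedComputer {
    param(
        [object[]]$Computer,
        [string[]]$StagingContainer,   # default container and/or holding OU
        [int]$MaxAgeDays = 7,
        [datetime]$Now = (Get-Date)
    )
    foreach ($c in $Computer) {
        $parent = Get-ParentDN $c.DistinguishedName
        if ($StagingContainer -contains $parent) {   # case-insensitive match
            $age = [int][math]::Floor(($Now - $c.whenCreated).TotalDays)
            [pscustomobject]@{
                Name      = $c.Name
                Container = $parent
                AgeDays   = $age
                Overdue   = $age -gt $MaxAgeDays
            }
        }
    }
}

# Constructed sample: one placed machine, two still in staging locations.
$sample = @(
    [pscustomobject]@{ Name = 'PC-001'; whenCreated = [datetime]'2006-11-02'
        DistinguishedName = 'CN=PC-001,OU=WorkstationsXP,DC=example,DC=com' }
    [pscustomobject]@{ Name = 'PC-002'; whenCreated = [datetime]'2007-01-23'
        DistinguishedName = 'CN=PC-002,OU=Holding,DC=example,DC=com' }
    [pscustomobject]@{ Name = 'PC-003'; whenCreated = [datetime]'2006-12-01'
        DistinguishedName = 'CN=PC-003,CN=Computers,DC=example,DC=com' }
)
$staging = 'OU=Holding,DC=example,DC=com', 'CN=Computers,DC=example,DC=com'
Find-UnplacedComputer -Computer $sample -StagingContainer $staging `
    -Now ([datetime]'2007-01-25') | Format-Table -AutoSize
```

With the sample rows, PC-002 is reported as 2 days old and not overdue, PC-003 as 55 days old and overdue, and PC-001 is not listed because it already sits in WorkstationsXP.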
