You need to delegate Write/Read LogonWorkstation permissions in user account
Remember tis attribute las 64 entries limit. You should use GPO and allow logon localy instead
Which access right required to add or remove log on to Workstations
For restricting the end users, we are trying to use the Log on to button in User Account properties. We try to run the following command which fails
Set-ADUser -Identity <UserID> -LogonWorkstations <Hostname>
When we raised this with the vendor (who supports AD) they advised that a design change is required to grant this access.
Can a expert here verify which access rights are required so that a group of Users can get the access to add/remove computers to User account - Log on to tab?
As this thread has been quiet for a while,
If this question has any update?
If you have any questions or concerns about it, please don't hesitate to let us know.
Sign in to comment