Hello,
Is there any way to use NOT logic with "net sam set workstations"?
Instead of explicitly declaring which workstations are allowed, I would
like to explicitly declare which ones are not on a per user basis.
The reason is that many users bring in their own systems
(desktops/laptops) and in order to deny them logons to administrative
systems I have to limit access via "net sam set workstations" which
has
the unfortunate side effect of preventing use of domain resources, such
as printing even when they enter their proper domain credentials (their
personal systems are not domain members) as these personal systems are
not in the allowed list. Of course these systems can added but there's
a delay, complexity that I would like to avoid, and besides most of
them don't even know how to find the hostname of their system.
With !logic all systems not explicitly denied would be implicitly
allowed and would make this management task a lot easier.
Thank you.
--
Chris
