How to delegate 150 users to 150 specific computers

hey everyone :slight_smile:

I need your help.
I have a small company with 150 users, and every user has his own laptop.

What I need to do is that every user will have the permission to use only his own computer, and if someone else wants to use the computer, he will get access denied.

How to do it??

10X so much for your help,
TheSherifff

Noam,
Welcome to the forums. :wave:t4:

First of all: When you crosspost the same question at the same time to different forums, you should at least post links to the other forums along with your question, to avoid people willing to help you doing their work twice or more.

Thanks in advance.

Now to your question:
The recommendation Theo gave you on SO in his comment is the right way to go. GPOs are made for tasks like this, are supported by MSFT and much easier to maintain than a self-written script.

The article linked on the SO reply is not very well written and I don’t think the GPO example in option A resolves OP’s problem - it looks like its purpose is to restrict which domain a user can use.

As OP has only 150 users, I would suggest setting the LogonWorkstations attribute (Account | Log on to… in ADUC).

You will need a list of identities (dn, sAMAccountName etc.) and the name of the computer assigned to the user.

Assuming CSV format something like this will work (don’t have an AD to test against):

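```powershell
Import-Module ActiveDirectory

# CSV columns: sAMAccountName, computerName
$userList = Import-Csv C:\Temp\userList.csv
foreach ($user in $userList) {
    # Restrict the account so it can log on only to its assigned computer
    Get-ADUser $($user.sAMAccountName) | Set-ADUser -LogonWorkstations $($user.computerName)
}
```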

Edit: obviously OP should bear in mind that if the users require access to Terminal Services servers, for example, then those computers need to be added as well.
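
An added example, not part of the original reply: the same CSV-driven approach, extended to check that each computer exists in AD before restricting the account, to include the shared hosts the edit above mentions, and to report changes before making them. The `TS01`/`TS02` host names, the `-Apply` switch and the script parameters are hypothetical; the CSV columns are the ones assumed in the reply.

```powershell
#Requires -Modules ActiveDirectory
# Added example. Assumed CSV columns (as in the reply above): sAMAccountName, computerName
param(
    [string]$CsvPath = 'C:\Temp\userList.csv',
    # Hypothetical shared hosts every user must still reach (e.g. Terminal Services servers)
    [string[]]$SharedHosts = @('TS01', 'TS02'),
    # Without -Apply the script only reports what it would change
    [switch]$Apply
)

$results = foreach ($row in Import-Csv -Path $CsvPath) {
    $wanted = $null
    $status = 'Unchanged'
    try {
        $name     = $row.sAMAccountName.Trim()
        $computer = $row.computerName.Trim()

        $adUser = Get-ADUser -Identity $name -Properties LogonWorkstations -ErrorAction Stop
        # A mistyped computer name would lock the user out, so confirm it exists first
        $null = Get-ADComputer -Identity $computer -ErrorAction Stop

        # LogonWorkstations is a single comma-separated string of computer names
        $wanted  = (@($computer) + $SharedHosts | Sort-Object -Unique) -join ','
        $current = (($adUser.LogonWorkstations -split ',') |
                    Where-Object { $_ } | Sort-Object -Unique) -join ','

        if ($current -ne $wanted) {
            if ($Apply) {
                Set-ADUser -Identity $adUser -LogonWorkstations $wanted -ErrorAction Stop
                $status = 'Updated'
            } else {
                $status = 'WouldUpdate'
            }
        }
    } catch {
        # Unknown user or computer: leave the account untouched and report it
        $status = "Skipped: $($_.Exception.Message)"
    }
    [pscustomobject]@{ User = $row.sAMAccountName; Allowed = $wanted; Status = $status }
}

$results | Format-Table -AutoSize
```

Run it once without `-Apply` and review the `Skipped` and `WouldUpdate` rows before making changes.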