Mark Minasi's Tech Forum
Sign up Calendar Latest Topics
 
 
 


Reply
  Author   Comment  
DennisMCSE

Senior Member
Registered:
Posts: 172
Reply with quote  #1 
At work, we use generic AD user accounts for our production computers. And to make sure the user accounts are only used on the computers they are supposed to be used on, we add the computer to the Log On To on the Account tab of the generic account. How many computer accounts can we add to the Log On To for each user account? On a few of the accounts, I'm getting a maximum limit reached and that I have to delete computers to add new ones.

0
cj_berlin

Avatar / Picture

Senior Member
Registered:
Posts: 327
Reply with quote  #2 
Hi,

that depends on how long your computer names are. The Attribute, as documented in https://docs.microsoft.com/en-us/windows/desktop/ADSchema/a-userworkstations is a 1024-character Unicode string and there is one separator character between each two names so if your computer names have the maximum length of 15 you can put 64 of them in there. If you have 7-character names like PC12345, you can fit 128 of them in that string.

__________________
Evgenij Smirnov

My personal blog (German): http://www.it-pro-berlin.de/
My stuff on PSGallery: https://www.powershellgallery.com/profiles/it-pro-berlin.de/
0
DennisMCSE

Senior Member
Registered:
Posts: 172
Reply with quote  #3 
Evgenij, thanks. That's what I needed to know. Our computer names are 14 characters long. That sounds about right when I scroll through the computernames, it's about 65 to 70 computers.

0
cj_berlin

Avatar / Picture

Senior Member
Registered:
Posts: 327
Reply with quote  #4 
I would solve this via Group Policy rather then by listing Workstations.
__________________
Evgenij Smirnov

My personal blog (German): http://www.it-pro-berlin.de/
My stuff on PSGallery: https://www.powershellgallery.com/profiles/it-pro-berlin.de/
0
jsclmedave

Administrator
Registered:
Posts: 479
Reply with quote  #5 
Quote:
Originally Posted by cj_berlin
I would solve this via Group Policy rather then by listing Workstations.


Or LAPS.  Group Policy would easily work for this as well.


Local Administrator Password Solution
https://technet.microsoft.com/en-us/mt227395.aspx


Local Administrator Password Solution (LAPS)
https://www.microsoft.com/en-us/download/details.aspx?id=46899

__________________
Tim Bolton @jsclmedave
Email: [string](0..20|%{[char][int](32+('527377347976847978324785847679797514357977').substring(($_*2),2))}) -replace ' '  

New to the forum? Please Read this
0
Previous Topic | Next Topic
Print
Reply

Quick Navigation:

Easily create a Forum Website with Website Toolbox.