Hello forum!
We are trying to create a setup not unlike the one posted before here:
DLU Administrators Policy changed to DLU users policy
I've successfully made it so that one single user can log in to one device as only a user and to one device as administrator.
In our scenario we have two types of devices and two types of users:
Devices: Student laptops and everything else
Users: Students and staff
The goal is to have staff always log in as administrator on both staff and student devices, and students log in as administrators *only* on student devices.
The current setup has two folders and 3 DLU policies:
Folders: Student and staff
Policies:
Default DLU (applied on all devices, user group = Users+, no restrictions)
DLU - Admin for student (applied on a single student account, user group = Administrator+, Exclude workstation list "every folder except student folder")
DLU - Admin for staff (applied to a single staff account, user group = Administrator+, no restrictions)
Our eDir user source has 1 container:
Users (all users, no sub-containers)
Is there another way to design this reliably, with/without a least-privileged method?
Is it possible to automatically group users without sub-containers?
Our users can be identified based on the first letter.