General discussion

Locked

adding PCs vs. users into an OU

By wildbear63 ·
I have a situation that I hope someone can clarify for me. I have the network manager wanting us to change our naming convention for the user's PCs because he says they have issues with AD that using a unique PC ID (which we use now) makes it much more difficult. If we go with a PC name based on the User ID, that stays the same across all PCs that user might use, then we run into duplicate name conflicts every time we have a major rollout or re-image a PC (which we do almost daily). He says the issues affect Active Directory, antivirus, SMS, and NetMeeting, and various daily and weekly issues in the network side of it. In all my training and experience I was under the distinct impression that using a PC name instead of a user ID to assign rights in an OU was the last resort and probably the worst practice. Am I wrong? We don't have any general use PCs such as Internet kiosks. All PCs are specifically assigned to a user.

Any help would be greatly appreciated.

Barry

This conversation is currently closed to new comments.

2 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Function versus Expectation

by TheMessenger In reply to adding PCs vs. users into ...

Actually, you should be able to assign policy to any object in the OU.
If you remember that OU's are just containers full of objects, then a management process can be created around that.
As a general rule, you should not mix different types of objects as it leads to a huge management process problem.
If you manage computers as computers (what you do applies to all users), and users as users (what you do applies only to that user), then the AD structure and naming conventions should be easy.
We manage about 3000 computers and 2500 users with a AD structure that is no more than 3 levels deep.
We have 5 different apsects of computer and 5 different aspects of users that get policies pushed. Based on that, we can manage our users and pc's quite well.
With SMS, we push software based on a computer or by user groups, not to the individual user.
Our computer names are prefixed with 3 letters that designate the function of the computer.
Couple this all with some hard file security and we have easily managed and almost unhackable computers.

Your computer names should be linked to something unique about the PC, not linked to who owns the computer. That should be left to asset management software. You can probably manage a computer based on user by using SMS queries to identify the certain things needed for tracking and management.


It really sounds like the user/pc management process should be looked at from a higher level to find the best solution for now, and for future rollouts. It also seems that some of the other tools have processes linked to them that may need revisited. The PC rename thing would be a quick fix but would cause lots of unneeded headaches down the road.

Collapse -

What sort of issues?

by gralfus In reply to adding PCs vs. users into ...

Did he explain what sort of issues he has with unique computer IDs? I'm tempted to think he has set up his systems oddly and is trying to work around it instead of fixing it.

Tying the PC name to the user is a really bad idea unless you have users that don't ever switch jobs, or leave the company, or share their PC with another user.

Unique PC names, using a prefix based on the department (like the other writer suggested), is the standard approach we take.

Back to IT Employment Forum
2 total posts (Page 1 of 1)  

Related Discussions

Related Forums