I am trying to control the access of users to the workstations connected with Active Directory by using the "Workstations" option in parameters section of provisioning policy in ITIM 5.1 but this is not working. This is the procedure which I followed
I added the name of a computer connected with AD in the 'workstations' option and selected 'excluded' for it. After enforcing the policy and reconciling when I try to log in the user into to the computer for which I have selected the 'excluded' value, he logs in which he should not as described in the provisioning policy.
I tried adding both the Computer Name and the DNS name of the computer in the 'Workstations' option but it still did not work.
What could be the possible problem????
The directory server attribute for the workstations is "erADLoginWorkstations"