Change list of allowed logon computers from batch file

Solution 1:

You need to update the "userWorkstations" AD attribute for the users.

In VBS it would be something Like:

On Error Resume Next
Const ADS_SCOPE_SUBTREE = 2
Set ObjRootDSE = GetObject("LDAP://RootDSE")
strOU = "OU=SCRIPT,DC=Company,DC=local"

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE 
objCommand.Properties("Sort On") = "SN"

objCommand.CommandText = _
    "SELECT Name, displayName, distinguishedName FROM 'LDAP://" & strOU & " ' WHERE objectCategory='user'" 

Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst

Do Until objRecordSet.EOF

    usrDN = objRecordSet.Fields("distinguishedName").Value
    Set objUser = GetObject("LDAP://" & objRecordSet.Fields("distinguishedName").Value)

    Err.Clear
    Set objCnt = GetObject("LDAP://" & usrDN)
        If (Err.Number > 0) Then
        Else 
            objUser.userWorkstations = "abc"
            objUser.SetInfo
        End If 
    objRecordSet.MoveNext

    Loop
objRecordSet.Close
Set objRecordSet = Nothing
Set objCommand = Nothing
objConnection.Close
Set objConnection = Nothing
WScript.Quit

This takes all users in the top level "SCRIPT" OU and modifies the userWorkstation attribute for each. Obviously you can manipulate it as needed.

Also, as Greg pointed out the attribute is not an array and to specify more than one workstation you would use:

objUser.userWorkstations = "computer1,computer2,computer3"