Would be nice to have the zentyal-desktop install some capability / logic to update restricted login timetable on workstations.
I've recommended puppet before and i'll recommend it again.
Workflow would be : On Server
1. edit group "Sales"
2. add permitted workstations (pick objects from network admin module)
3. apply result:
- each workstation is identifiable by its MAC address
- each workstation will have its IP address set to one if sepcified
1. edit user "Bob"
2. add user bob to the "Sales" group
3. applyresult: user is part of the sales group
1. edit Network Object: "All Workstations"
2. add login timetable for "Sales Group"
3. set timetable to: mon-fri, 8am - 5pm
- sends puppet commands to affected network objects to update their /etc/security/times.conf
- sends wakeonlan signals to any unpowered machines and repeats puppet signals
- also permits any user group and/or user that is specified by a timetable to login to the machine