Our organisation has an AD; all users are in the one OU. I administer a section of the users. We have a bunch of computers that I only want to allow logon by users in a particular AD group (i.e. users in my section). How might I go about this?
Group Policy depends on Active Directory, whether for security or normal policies, and therefore, it is crucial to understand Active Directory and its structure.
I would like you to go through this Microsoft KB article. I hope this will be useful for you, and the link I'm posting is for Windows 2000 as you did not mention which Windows version you want to restrict.
For the sake of time, search for a third-party tool, as today there are many third-party tools available which are made to manage Active Directory in an easy way.
I recommend breaking out your users by organizational function and likewise with your computers. Create a GPO to restrict access to those computers to only members of that function's OU.
You could also create a Security Group for the users and a security group for the computers and restrict access to the computer group to only allow the members of the users' group. (This can be done in any number of ways.)
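A check to run on one of the restricted computers once such a GPO has applied, as an added example that is not part of any answer here. It assumes the GPO works by setting the "Allow log on locally" user right; the function names, the domain SID and the group SID are hypothetical, and the export text is constructed.

```powershell
# Added example: parse the [Privilege Rights] section of a secedit export and
# report who may log on. On a real machine, produce the input with (elevated):
#   secedit /export /cfg C:\Temp\rights.inf /areas USER_RIGHTS
#   $inf = Get-Content C:\Temp\rights.inf

# Constructed sample export; the domain SID and RID 1601 are made up.
$inf = @'
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-21-1111111111-2222222222-3333333333-1601
SeRemoteInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-555
'@ -split "`r?`n"

# Assumption: SID of the hypothetical section group (look it up with Get-ADGroup).
$sectionGroupSid = 'S-1-5-21-1111111111-2222222222-3333333333-1601'

# Well-known principals that would let users outside the section log on.
$broad = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-32-546' = 'BUILTIN\Guests'
}

function Get-RightHolder {
    param([string[]]$Lines, [string]$Right)
    foreach ($line in $Lines) {
        if ($line -match "^\s*$Right\s*=\s*(.*)$") {
            # Entries are comma separated; SIDs carry a leading '*'.
            return $Matches[1] -split ',' | ForEach-Object { $_.Trim().TrimStart('*') } | Where-Object { $_ }
        }
    }
}

function Test-LogonRestriction {
    param([string[]]$Lines, [string]$GroupSid)
    foreach ($right in 'SeInteractiveLogonRight', 'SeRemoteInteractiveLogonRight') {
        $holders  = @(Get-RightHolder -Lines $Lines -Right $right)
        # Domain Users (RID 513) is as broad as the well-known groups above.
        $tooBroad = @($holders | Where-Object { $broad.ContainsKey($_) -or $_ -match '^S-1-5-21-.*-513$' })
        [pscustomobject]@{
            Right        = $right
            SectionGroup = $holders -contains $GroupSid
            AdminsKept   = $holders -contains 'S-1-5-32-544'
            BroadHolders = ($tooBroad -join ', ')
        }
    }
}

Test-LogonRestriction -Lines $inf -GroupSid $sectionGroupSid | Format-Table -AutoSize
```

In the sample, SectionGroup is False for SeRemoteInteractiveLogonRight because Remote Desktop logon is a separate user right from local logon and has to be restricted on its own.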
You don't mention information about what version of Windows is in use, most likely because you don't have access to the boxes. I would ask the administrators to either set up GPO rules against an OU as gWaldo mentions and have them delegate administration of that policy to you or have them set up item-level targeting against a specific group of users that you are able to control.