Locking Down Users

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

How would i lock down users...

win2k3 server

KISS

edit: i want to give them no access to CP, wallpaper properties etc

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

GPO thats linked to the users..... just got to find out which ones... i know there is def one for control panel.... let me boot up my server..

 

Mr.Cheeks,

If you want us to KISS, then you need to give us specific list of things you would like to lock down. "etc" in the geekworld is like asking "subnet the internet"

 

R.H.Lee,

In all honestly, im just faffing around, but just cant find the link where you can lock down a CP / Wallpaper or anything like that.
i checked everywhere, the easiest box i found was Server Management (is the box called mmc or snap-in?)

edit: just downloaded windows resource kit tools - i'll see if that helps.

 

Open Group Policy then under User Configuration ---> User Configuration ---> Control Panel ---> Enable the Prohibt acces to the CP

Then still in the CP tab click on Display and you can Prevent user from changing wallpaper by enabling that entry..

remember to make sure you create a group and move the users into that group and apply that policy edit to that group. DONT edit the default policy!

Then run gpupdate at the cmd prompt to refresh the group policy

 

under Admin Tools i have Group Policy Management and there is no User config there...

 

alright u got the new GPM you need to create a new GPO using that console.. and to be honest i havent used the GPM that much! But once you reach creating the GPO you use the ones i described above...

im downloading GPM now so i might be back

and open active directory users and computers

 

Right

Open the GPM from admin tools if you like

Double click on Forest :forest name then double click on Domains then right click on your domain name

Enter a name for the GPO

Then right click on that new GPO you made and click edit

Now use the changes i showed you in my first post

Add the users you want affected under the Security filtering

then run gpupdate

ps like i said first time im using GPM console

 

Just figured it out... Thanks

 

Cheeks,

You can also allow certain applets to be accessed from within control panel, leaving the ones you don't want out of the panel all together!

To do this, you need to add the program name from the policy setting. I have attached a snapshot for you.

User Configuration > Admin templates > Control Panel > Show only specified applets.

In the example I have attached, I have allowed access to the accessability applet. Once this is applied, this will be the only option from within Control Panel.

You can find all the applets you want to allow by searching for *.cpl from the Windows search facility.

Merry Christmas

Si

 

Boycey - Thanks for that.

 

nope didn't work - im going wrong somewhere; i think its down to the user accounts.

 

Under the Security Filtering is where you add the groups: Did you create a group in AD and add all the users to that group then add that group under Security Filtering?

Then did you run gpupdate from the command prompt?

 

The problem was that I added the users under "Guest" group and not "User" Group.

under security filtering, can i not add a group, instead of a user at a time. i know who can add ; at the end of the user but if i have 10 users, then that will be soooo long winded...

 

Yes you can add a group

 

Zimbo, Group Policy can be applied to Users or Computers not to *groups*.

Quote from Microsoft FAQ's on Group Policies..

http://technet2.microsoft.com/windowsserver/en/technologies/featured/gp/faq.mspx

 

it seems that i did not work, which i thought it did;





but when i went to the other machine, i logged in as tester and went into control panel and was able to adjust the settings.

i ran gpupdate aswell, logged out and back in and even waited for 120mins aswell!

 

Cheeks,

Not sure if you have made the other configurations, but from your screen capture you have only disabled the *add and remove* applet.

I have attached a screen capture for control panel, which is the next setting up.

Regards

Si

 

still no luck - still can access CP

 

Cheeks,

*Do* a;

gpresult > txt from cmd at the client machine and paste the results here mate.

Si