?
Solved

Disable Control Panel on Clients from Server

Posted on 2003-11-14
8
Medium Priority
?
764 Views
Last Modified: 2012-05-04
Hello

I'm running Windows 2000 Server, and I have about 20 clients in which I want to disable the Control Panel on all of them.  I created a new OU and named it "Disable Control Panel" added the users that I want to disable the control panel on.  And created the Group Policy to Enable "Disable Control Panel."  My question is when I log onto one of the client computers with one of the users name in the OU.  The Control Panel is still visible and I can still enter it.  But if I go to the Server and login in with one of the user names in the OU the control panel is disabled.  So it does work on the Server, but not on the client computers.  

I also ran secedit and gpupdate on both the client and server to see if the Group Policy would kick in but nothing.

Can someone please tell me what I'm doing wrong?

P.S. Clients are running either Windows 2000 Professional or XP Professional.

Thank you,
DaliSalv22
0
Comment
Question by:DaliSalv22
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 
LVL 7

Expert Comment

by:wtrmk74
ID: 9768857
Back up your registry !

This is a edit for denying access to the control panel for
*users on a machine
*or the entire system
http://www.winguides.com/registry/display.php/543/

Disable Control Panel Instuctions with Group Policy
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/gp/143.asp

Unfortunately you will be unable to deploy the action from the server unless you know how to write a script that will edit the registry on client machines. I Don't know of any! You will have to take the time and edit these machines by hand if you don't want them to have acces to these functions. but at least they can not change anything on the server side!

USER Accounts shouldn't be able to make system changes anyway!
do you have your client machines set up for special access on the system.

wtrmk74
0
 
LVL 7

Accepted Solution

by:
wtrmk74 earned 1000 total points
ID: 9768875
even quicker
edit one machine
open regedit
export registry file
selected branch

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

deploy this file on all client machines.

wtrmk74
0
 

Author Comment

by:DaliSalv22
ID: 9772496
Thank you for your reply.

So the Group Policy feature in Windows 2000 server will only disable the control panel on the server for the users that directly login to the server?


So I have to change all my clients registry to disable the control panel, that's stinks.  I thought there was an easier way going through the server.

Thanks anyway,
DaliSalv22  
0
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

 
LVL 7

Expert Comment

by:wtrmk74
ID: 9775410
Good luck
take care


wtrmk74
0
 
LVL 7

Expert Comment

by:wtrmk74
ID: 9807182
Dear DaliSalv22,
I fell terrible that I have steered you in the improper direction
yet being able to edit the registry is great and usefull, it is definately not what you want to spend you time doing.

even if you edit the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
it wil only effect that user ONLY
and if you edit the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
it will only effect the NEW users added to the USER PROFILES LIST after the registry change.

As I said I feel terrible that I have steered you in a somewhat wrong direction that will ultimately get you nowhere.

please read this entire article about an international electronics company that used the OU to do just what your asking and much much more...

Designing and Implementing an Organizational Units:
http://www.microsoft.com/WINDOWS2000/techinfo/reskit/deploymentscenarios/scenarios/ou_design_implement_ou_structure.asp

feel free to post a request for refund of POINTS in The Community Support section if this article does not help you achieve your goals sucessfully.

unhappily appologetic
wtrmk74
0
 

Author Comment

by:DaliSalv22
ID: 9811802
Hello, wtrmk74.

Don't worry about it, but I do appreciate you responding again with better articles to look at.  I did take a look at the articles that you listed above and they did help me out.  I finally got the the control panel disabled.  It worked two ways either adding the computer to the OU which has the disabled Control Panel policy in it, or having the user under the OU that has the disabled Control Panel policy in it and adding the user to be a member of "Domain Admins."  The Group Policy wouldn't work when the user was only a member of "Domain Users."  

I did run into another problem though, go figure!!  I applied other restrictions to the Group Policy such as disabling the "Properties" under My Computer, disabling access to Network Neighborhood and they all worked fine.  However, when I disabled access to regedit.exe and cmd.exe under the Group Policy it still lets me run both programs, while the other restrictions I set are still working fine.  Can't seem to figure out why these two restrictions don't work.  If you have any ideas what could be causing this, I'd appreciate your help.

Thanks again,
DaliSalv22  
0
 

Author Comment

by:DaliSalv22
ID: 9813644
Hello, wtrmk74.

Well I figured out why it wasn't updating my Group Policy for the registry and cmd prompt.  I had to have my primary DNS pointing to my DNS Server where I have the Group Policy on.  I had it set up like and that's when my restrictions started working, but then I switched the DNS back to use the ISP DNS servers that's when it stopped working.  I didn't realize that's were the problem was coming from.  But then I saw Userenv errors in my Application Log, and I figured out it was the DNS.  It's always something so easy to figure out, but it took me awhile to realize what I have done wrong.  Oh well, live and learn.    

DaliSalv22
0
 
LVL 7

Expert Comment

by:wtrmk74
ID: 9815083
Hello,
I am pleased to hear that everything is up and running smooth now. Glad the article helped solve those problems.
Getting everything pointed to the right place can certainly drive you crazy and yet it always seems the simplest solutions are always overlooked!

So I guess that's it then....

thanks for your patience
wtrmk74
0

Featured Post

[Webinar] Lessons on Recovering from Petya

Skyport is working hard to help customers recover from recent attacks, like the Petya worm. This work has brought to light some important lessons. New malware attacks like this can take down your entire environment. Learn from others mistakes on how to prevent Petya like worms.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question