I'd to know if there is a simple way to create a group policy in AD so that all users logging into workstations on our network would have critical options disabled. Some of those options would include:
Access to the Control Panel
being able to run "cmd" or "command" from Run Window
being able to run "regedit.exe" from Run Window
...and any other functions that could adversley affect the workstation
FYI none of the workstations have specific user accounts set up locally. Users just log in and based on AD and by default inherit the "users" permissions which are restricted.
I'm really new to AD so step-by-step instructions would very much be appreciated.