Solved

2003 GPOs

Posted on 2004-08-18
3
263 Views
Last Modified: 2010-03-18
Hi all
Running a 2003 domain with OUs as sites.

Applied GPO onto OU with lockdown settings of hard drive, control panel, cd rom etc for all standard users.

Need to be able to have a group or something whereas I can unrestrict a/some users from using for example the control panel.

Is there any easy way to set up a group of users for control panel access to be enabled in the OU which will override the GPO, just for the selected users in the group?

I have seen this done before, but I cannot remeber how it was done.

Any help would be appreaciated please?

Regards
Chillinlong





0
Comment
Question by:chillinlong
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 10

Expert Comment

by:jhautani
ID: 11829585
Add the group to GPO's security and set its apply permission to Deny.

hope this helps
0
 
LVL 1

Author Comment

by:chillinlong
ID: 11829704
Thanks for your response, I have considered this but then this would deny all the GPO settings.

I just want to have a group that enables the CD-rom for example?

Unless I create a specific GPO for every group I intend to have. Which I dont really want to do, unless I must.
0
 
LVL 85

Accepted Solution

by:
oBdA earned 250 total points
ID: 11830529
You will need different GPOs for each setting that you want to set for different users.
The best approach:
Create, to stay with your example, three GPOs: LockHD, LockCP, LockCD. Configure the restrictions accordingly. Create three global groups, for example GPolLockHD, GPolLockCP, GPolLockCD. Make your users members of the appropriate groups. Change the security settings on each GPOs: Remove the default "Authenticated Users" from "Apply" and "Read" permissions. Instead, add the matching global group with Read and Apply permissions.
Now depending on the groups the user is in, different (or all) settings will be locked. Users which are in no "Lock" group will have no restrictions.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Enterprise networks where VoIP phones have been deployed frequently use port configurations that allow both a computer and an IP phone to be plugged into the same switch port but use different VLANs. On Cisco equipment I'm referring to the "native V…
We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question