• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 266
  • Last Modified:

2003 GPOs

Hi all
Running a 2003 domain with OUs as sites.

Applied GPO onto OU with lockdown settings of hard drive, control panel, cd rom etc for all standard users.

Need to be able to have a group or something whereas I can unrestrict a/some users from using for example the control panel.

Is there any easy way to set up a group of users for control panel access to be enabled in the OU which will override the GPO, just for the selected users in the group?

I have seen this done before, but I cannot remeber how it was done.

Any help would be appreaciated please?

Regards
Chillinlong





0
chillinlong
Asked:
chillinlong
1 Solution
 
jhautaniCommented:
Add the group to GPO's security and set its apply permission to Deny.

hope this helps
0
 
chillinlongAuthor Commented:
Thanks for your response, I have considered this but then this would deny all the GPO settings.

I just want to have a group that enables the CD-rom for example?

Unless I create a specific GPO for every group I intend to have. Which I dont really want to do, unless I must.
0
 
oBdACommented:
You will need different GPOs for each setting that you want to set for different users.
The best approach:
Create, to stay with your example, three GPOs: LockHD, LockCP, LockCD. Configure the restrictions accordingly. Create three global groups, for example GPolLockHD, GPolLockCP, GPolLockCD. Make your users members of the appropriate groups. Change the security settings on each GPOs: Remove the default "Authenticated Users" from "Apply" and "Read" permissions. Instead, add the matching global group with Read and Apply permissions.
Now depending on the groups the user is in, different (or all) settings will be locked. Users which are in no "Lock" group will have no restrictions.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now