Solved

2003 GPOs

Posted on 2004-08-18
3
262 Views
Last Modified: 2010-03-18
Hi all
Running a 2003 domain with OUs as sites.

Applied GPO onto OU with lockdown settings of hard drive, control panel, cd rom etc for all standard users.

Need to be able to have a group or something whereas I can unrestrict a/some users from using for example the control panel.

Is there any easy way to set up a group of users for control panel access to be enabled in the OU which will override the GPO, just for the selected users in the group?

I have seen this done before, but I cannot remeber how it was done.

Any help would be appreaciated please?

Regards
Chillinlong





0
Comment
Question by:chillinlong
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 10

Expert Comment

by:jhautani
ID: 11829585
Add the group to GPO's security and set its apply permission to Deny.

hope this helps
0
 
LVL 1

Author Comment

by:chillinlong
ID: 11829704
Thanks for your response, I have considered this but then this would deny all the GPO settings.

I just want to have a group that enables the CD-rom for example?

Unless I create a specific GPO for every group I intend to have. Which I dont really want to do, unless I must.
0
 
LVL 84

Accepted Solution

by:
oBdA earned 250 total points
ID: 11830529
You will need different GPOs for each setting that you want to set for different users.
The best approach:
Create, to stay with your example, three GPOs: LockHD, LockCP, LockCD. Configure the restrictions accordingly. Create three global groups, for example GPolLockHD, GPolLockCP, GPolLockCD. Make your users members of the appropriate groups. Change the security settings on each GPOs: Remove the default "Authenticated Users" from "Apply" and "Read" permissions. Instead, add the matching global group with Read and Apply permissions.
Now depending on the groups the user is in, different (or all) settings will be locked. Users which are in no "Lock" group will have no restrictions.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A brief overview to explain gateways, default gateways and static routes OR NO - you CANNOT have two default gateways on the same server, PC or other Windows-based network device. In simple terms a gateway is formed when a computer such as a serv…
Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question