Solved

2003 GPOs

Posted on 2004-08-18
3
257 Views
Last Modified: 2010-03-18
Hi all
Running a 2003 domain with OUs as sites.

Applied GPO onto OU with lockdown settings of hard drive, control panel, cd rom etc for all standard users.

Need to be able to have a group or something whereas I can unrestrict a/some users from using for example the control panel.

Is there any easy way to set up a group of users for control panel access to be enabled in the OU which will override the GPO, just for the selected users in the group?

I have seen this done before, but I cannot remeber how it was done.

Any help would be appreaciated please?

Regards
Chillinlong





0
Comment
Question by:chillinlong
3 Comments
 
LVL 10

Expert Comment

by:jhautani
ID: 11829585
Add the group to GPO's security and set its apply permission to Deny.

hope this helps
0
 
LVL 1

Author Comment

by:chillinlong
ID: 11829704
Thanks for your response, I have considered this but then this would deny all the GPO settings.

I just want to have a group that enables the CD-rom for example?

Unless I create a specific GPO for every group I intend to have. Which I dont really want to do, unless I must.
0
 
LVL 83

Accepted Solution

by:
oBdA earned 250 total points
ID: 11830529
You will need different GPOs for each setting that you want to set for different users.
The best approach:
Create, to stay with your example, three GPOs: LockHD, LockCP, LockCD. Configure the restrictions accordingly. Create three global groups, for example GPolLockHD, GPolLockCP, GPolLockCD. Make your users members of the appropriate groups. Change the security settings on each GPOs: Remove the default "Authenticated Users" from "Apply" and "Read" permissions. Instead, add the matching global group with Read and Apply permissions.
Now depending on the groups the user is in, different (or all) settings will be locked. Users which are in no "Lock" group will have no restrictions.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now