Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Educational Global Policy Suggestions and Assistance

Posted on 2004-08-20
5
Medium Priority
?
178 Views
Last Modified: 2010-04-11
We have a small W2000 network using active directory.  I am no IT pro... just learning to navigate through MMC and active directory functions.

We have about 35 XP pro workstations and I need to lockdown the desktops pretty tight for 1/2 of the group and some specific functions for the other half. (ie: explorer)  

(1) Need some ideas on what to lockdown to protect the individual workstations and the network.

(2) How do I do this?

If you could send some suggestions and point me in the right direction on the "how to" part, I would appreciate it.

Thanks
0
Comment
Question by:Derek_Watson
  • 2
  • 2
5 Comments
 
LVL 15

Accepted Solution

by:
Yan_west earned 200 total points
ID: 11857267
Ok. 1, go on your domain server.
2 - go to your AD User and computer
3 - Under the root of your domain, create 2 OU (organizational unit) group 1 and group 2..
4 - Move the user account coresponding to each group in each OU
5 - Right click each OU, properties, group policy tab.
6 - create a new group policy, after edit it.
7 - browse through the different setting you see in there, and remove access/give access to what you want. There's tons of stuff in there, go through everything for
your own cultural enlightment :)
8 - Repeat for second OU, then wait a few minutes, reboot computers, and make your user log back on.

Voila.


0
 

Expert Comment

by:dstarfire
ID: 11872846
As a general rule: on public workstations, you should lock down everything except those features you want the user to have access to.

A specific list of each item to lockout would be huge, as you'd need to lockout every way to do a forbidden task, to make the security worthwhile. Just open up your group-policy browser, and browse through the options, and read the descriptions for the less obvious settings (which are included in the same details window, thankfully)
0
 

Author Comment

by:Derek_Watson
ID: 11875101
Thanks.  We will try and let you know how it goes.
0
 

Author Comment

by:Derek_Watson
ID: 11887267
Thanks for your help... I apologize, but I am still learning W2000 Active Directory.

I was able to create the groups in Active Directory under the proper domain, then I was able to add the users the new groups. However, when I right clicked on the group I set up, there was no tab for group policy.

Please help.

Thanks
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 11891648
You need to put them in organisational unit, not groups! :)

right click domain, new -> organisational unit..
0

Featured Post

NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Tech spooks aren't just for those who are tech savvy, it also happens to those of us running a business. Check out the top tech spooks for business owners.
How to fix a SonicWall Gateway Anti-Virus firewall blocking automatic updates to apps like Windows, Adobe, Symantec, etc.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question