Solved

Educational Global Policy Suggestions and Assistance

Posted on 2004-08-20
5
172 Views
Last Modified: 2010-04-11
We have a small W2000 network using active directory.  I am no IT pro... just learning to navigate through MMC and active directory functions.

We have about 35 XP pro workstations and I need to lockdown the desktops pretty tight for 1/2 of the group and some specific functions for the other half. (ie: explorer)  

(1) Need some ideas on what to lockdown to protect the individual workstations and the network.

(2) How do I do this?

If you could send some suggestions and point me in the right direction on the "how to" part, I would appreciate it.

Thanks
0
Comment
Question by:Derek_Watson
  • 2
  • 2
5 Comments
 
LVL 15

Accepted Solution

by:
Yan_west earned 50 total points
ID: 11857267
Ok. 1, go on your domain server.
2 - go to your AD User and computer
3 - Under the root of your domain, create 2 OU (organizational unit) group 1 and group 2..
4 - Move the user account coresponding to each group in each OU
5 - Right click each OU, properties, group policy tab.
6 - create a new group policy, after edit it.
7 - browse through the different setting you see in there, and remove access/give access to what you want. There's tons of stuff in there, go through everything for
your own cultural enlightment :)
8 - Repeat for second OU, then wait a few minutes, reboot computers, and make your user log back on.

Voila.


0
 

Expert Comment

by:dstarfire
ID: 11872846
As a general rule: on public workstations, you should lock down everything except those features you want the user to have access to.

A specific list of each item to lockout would be huge, as you'd need to lockout every way to do a forbidden task, to make the security worthwhile. Just open up your group-policy browser, and browse through the options, and read the descriptions for the less obvious settings (which are included in the same details window, thankfully)
0
 

Author Comment

by:Derek_Watson
ID: 11875101
Thanks.  We will try and let you know how it goes.
0
 

Author Comment

by:Derek_Watson
ID: 11887267
Thanks for your help... I apologize, but I am still learning W2000 Active Directory.

I was able to create the groups in Active Directory under the proper domain, then I was able to add the users the new groups. However, when I right clicked on the group I set up, there was no tab for group policy.

Please help.

Thanks
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 11891648
You need to put them in organisational unit, not groups! :)

right click domain, new -> organisational unit..
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question