Solved

Educational Global Policy Suggestions and Assistance

Posted on 2004-08-20
5
175 Views
Last Modified: 2010-04-11
We have a small W2000 network using active directory.  I am no IT pro... just learning to navigate through MMC and active directory functions.

We have about 35 XP pro workstations and I need to lockdown the desktops pretty tight for 1/2 of the group and some specific functions for the other half. (ie: explorer)  

(1) Need some ideas on what to lockdown to protect the individual workstations and the network.

(2) How do I do this?

If you could send some suggestions and point me in the right direction on the "how to" part, I would appreciate it.

Thanks
0
Comment
Question by:Derek_Watson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 15

Accepted Solution

by:
Yan_west earned 50 total points
ID: 11857267
Ok. 1, go on your domain server.
2 - go to your AD User and computer
3 - Under the root of your domain, create 2 OU (organizational unit) group 1 and group 2..
4 - Move the user account coresponding to each group in each OU
5 - Right click each OU, properties, group policy tab.
6 - create a new group policy, after edit it.
7 - browse through the different setting you see in there, and remove access/give access to what you want. There's tons of stuff in there, go through everything for
your own cultural enlightment :)
8 - Repeat for second OU, then wait a few minutes, reboot computers, and make your user log back on.

Voila.


0
 

Expert Comment

by:dstarfire
ID: 11872846
As a general rule: on public workstations, you should lock down everything except those features you want the user to have access to.

A specific list of each item to lockout would be huge, as you'd need to lockout every way to do a forbidden task, to make the security worthwhile. Just open up your group-policy browser, and browse through the options, and read the descriptions for the less obvious settings (which are included in the same details window, thankfully)
0
 

Author Comment

by:Derek_Watson
ID: 11875101
Thanks.  We will try and let you know how it goes.
0
 

Author Comment

by:Derek_Watson
ID: 11887267
Thanks for your help... I apologize, but I am still learning W2000 Active Directory.

I was able to create the groups in Active Directory under the proper domain, then I was able to add the users the new groups. However, when I right clicked on the group I set up, there was no tab for group policy.

Please help.

Thanks
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 11891648
You need to put them in organisational unit, not groups! :)

right click domain, new -> organisational unit..
0

Featured Post

Want Experts Exchange at your fingertips?

With Experts Exchange’s latest app release, you can now experience our most recent features, updates, and the same community interface while on-the-go. Download our latest app release at the Android or Apple stores today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Suggested Courses
Course of the Month9 days, 15 hours left to enroll

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question