Solved

Educational Global Policy Suggestions and Assistance

Posted on 2004-08-20
5
174 Views
Last Modified: 2010-04-11
We have a small W2000 network using active directory.  I am no IT pro... just learning to navigate through MMC and active directory functions.

We have about 35 XP pro workstations and I need to lockdown the desktops pretty tight for 1/2 of the group and some specific functions for the other half. (ie: explorer)  

(1) Need some ideas on what to lockdown to protect the individual workstations and the network.

(2) How do I do this?

If you could send some suggestions and point me in the right direction on the "how to" part, I would appreciate it.

Thanks
0
Comment
Question by:Derek_Watson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 15

Accepted Solution

by:
Yan_west earned 50 total points
ID: 11857267
Ok. 1, go on your domain server.
2 - go to your AD User and computer
3 - Under the root of your domain, create 2 OU (organizational unit) group 1 and group 2..
4 - Move the user account coresponding to each group in each OU
5 - Right click each OU, properties, group policy tab.
6 - create a new group policy, after edit it.
7 - browse through the different setting you see in there, and remove access/give access to what you want. There's tons of stuff in there, go through everything for
your own cultural enlightment :)
8 - Repeat for second OU, then wait a few minutes, reboot computers, and make your user log back on.

Voila.


0
 

Expert Comment

by:dstarfire
ID: 11872846
As a general rule: on public workstations, you should lock down everything except those features you want the user to have access to.

A specific list of each item to lockout would be huge, as you'd need to lockout every way to do a forbidden task, to make the security worthwhile. Just open up your group-policy browser, and browse through the options, and read the descriptions for the less obvious settings (which are included in the same details window, thankfully)
0
 

Author Comment

by:Derek_Watson
ID: 11875101
Thanks.  We will try and let you know how it goes.
0
 

Author Comment

by:Derek_Watson
ID: 11887267
Thanks for your help... I apologize, but I am still learning W2000 Active Directory.

I was able to create the groups in Active Directory under the proper domain, then I was able to add the users the new groups. However, when I right clicked on the group I set up, there was no tab for group policy.

Please help.

Thanks
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 11891648
You need to put them in organisational unit, not groups! :)

right click domain, new -> organisational unit..
0

Featured Post

Why Off-Site Backups Are The Only Way To Go

You are probably backing up your data—but how and where? Ransomware is on the rise and there are variants that specifically target backups. Read on to discover why off-site is the way to go.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Recommendation for open source Monitoring 7 102
VLAN's by IP 10 69
VLAN Questions 3 70
Frequency of Windows Server updates 27 137
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question