Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 180
  • Last Modified:

Educational Global Policy Suggestions and Assistance

We have a small W2000 network using active directory.  I am no IT pro... just learning to navigate through MMC and active directory functions.

We have about 35 XP pro workstations and I need to lockdown the desktops pretty tight for 1/2 of the group and some specific functions for the other half. (ie: explorer)  

(1) Need some ideas on what to lockdown to protect the individual workstations and the network.

(2) How do I do this?

If you could send some suggestions and point me in the right direction on the "how to" part, I would appreciate it.

Thanks
0
Derek_Watson
Asked:
Derek_Watson
  • 2
  • 2
1 Solution
 
Yan_westCommented:
Ok. 1, go on your domain server.
2 - go to your AD User and computer
3 - Under the root of your domain, create 2 OU (organizational unit) group 1 and group 2..
4 - Move the user account coresponding to each group in each OU
5 - Right click each OU, properties, group policy tab.
6 - create a new group policy, after edit it.
7 - browse through the different setting you see in there, and remove access/give access to what you want. There's tons of stuff in there, go through everything for
your own cultural enlightment :)
8 - Repeat for second OU, then wait a few minutes, reboot computers, and make your user log back on.

Voila.


0
 
dstarfireCommented:
As a general rule: on public workstations, you should lock down everything except those features you want the user to have access to.

A specific list of each item to lockout would be huge, as you'd need to lockout every way to do a forbidden task, to make the security worthwhile. Just open up your group-policy browser, and browse through the options, and read the descriptions for the less obvious settings (which are included in the same details window, thankfully)
0
 
Derek_WatsonAuthor Commented:
Thanks.  We will try and let you know how it goes.
0
 
Derek_WatsonAuthor Commented:
Thanks for your help... I apologize, but I am still learning W2000 Active Directory.

I was able to create the groups in Active Directory under the proper domain, then I was able to add the users the new groups. However, when I right clicked on the group I set up, there was no tab for group policy.

Please help.

Thanks
0
 
Yan_westCommented:
You need to put them in organisational unit, not groups! :)

right click domain, new -> organisational unit..
0

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now