peparsons
asked on
Group policies SBS 2003
When we set up our server with SBS 2003 we tried to set a policy so that all users in the domain would lose the ability to write files to the local C: drive. Also, if they try to write to My Documents I want it to be transferred to somewhere on the server. Things seemed relatively obvious but it did not work. When I tried to go through a tutorial on the Microsoft website, it was too in depth for me to understand.
What I need is an example of how to go through the menus and where to make the settings so that I can enforce a policy on everyone in the domain. I don't need an in depth appreciation of all the capabilities of system/group policies. I just need to be able to follow a simple example as a template for how I can enforce my policies.
Does anyone know of a web page or such like that would talk me through a simple example, specifically for 2003, or would anyone care to give me an example themselves?
Thank you
What I need is an example of how to go through the menus and where to make the settings so that I can enforce a policy on everyone in the domain. I don't need an in depth appreciation of all the capabilities of system/group policies. I just need to be able to follow a simple example as a template for how I can enforce my policies.
Does anyone know of a web page or such like that would talk me through a simple example, specifically for 2003, or would anyone care to give me an example themselves?
Thank you
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The articles refer mostly to Windows 2000, but the group policy processing hasn't changed for W2k3. The Group Policy Management Console will make things look completely different (but easier to manage once you've gotten used to it), but that's just the interface; the basics still remain the same.
You don't necessarily need to follow the OU construction from above; the best solution depends very strongly on your organisation. I'd stay with the security group filtering described, though, as this is (in my opinion) the easiest and most concise way to control who gets which policies applied.
One more hint:
While you're testing, you might want to refresh changed policies for the user without logging off and back on all the time.
In W2k, the command used is
secedit /refreshpolicy user_policy /enforce
(enter "secedit /?" for more help); for XP clients, it has changed to
gpupdate /target:user /force
(enter "gpupdate /? for more help).
You don't necessarily need to follow the OU construction from above; the best solution depends very strongly on your organisation. I'd stay with the security group filtering described, though, as this is (in my opinion) the easiest and most concise way to control who gets which policies applied.
One more hint:
While you're testing, you might want to refresh changed policies for the user without logging off and back on all the time.
In W2k, the command used is
secedit /refreshpolicy user_policy /enforce
(enter "secedit /?" for more help); for XP clients, it has changed to
gpupdate /target:user /force
(enter "gpupdate /? for more help).
ASKER
Thanks a lot. That's another useful tip.
PEP
PEP
ASKER
Thank you for that incredible effort. One question: Were your instructions for 2003?
PEP