?
Solved

Restricting Users running Windows XP on a 2003 SBS Domain

Posted on 2005-03-30
18
Medium Priority
?
280 Views
Last Modified: 2010-04-10
Hi, trying to disable users only, not administrator (ME), from accessing certain control panel features like netwokr connection and system, and also disabling them only from running certain programs.   I have a domain running Windows 2003 Small Business Server.  I have no clue how to set up a Group Policy or an OU.  Now, lets say we do get the users from not accessing certain control panel and certain softwares, if i log on with my username and password on their computer, i want to be able to have full access to everything?  Is there something that has to be setup on the Server?  I was able to do the logon Message, now to give it a final touch this is all i need.

If anyone can help, it will be highly appreciated.

Thanks!
0
Comment
Question by:dieseldom
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 10
  • 8
18 Comments
 
LVL 13

Accepted Solution

by:
gpriceee earned 2000 total points
ID: 13663669
Ensure your user account is not in the same OU as the users you wish to restrict.

On the OU with the users you wish to restrict, right click --> properties --> Group Policy Tab.
Under User Configuration --> Administrative Templates --> Control Panel
Change your settings there.

When you logon as a user not in that OU, the policy will not apply to you.
0
 

Author Comment

by:dieseldom
ID: 13663722
How do i get to the OU?
0
 
LVL 13

Expert Comment

by:gpriceee
ID: 13663732
Start --> All Programs --> Administrative Tools --> Active Directory Users and Computers.
0
Simple, centralized multimedia control

Watch and learn to see how ATEN provided an easy and effective way for three jointly-owned pubs to control the 60 televisions located across their three venues utilizing the ATEN Control System, Modular Matrix Switch and HDBaseT extenders.

 

Author Comment

by:dieseldom
ID: 13663764
let me give it a shot...hold on
0
 

Author Comment

by:dieseldom
ID: 13663778
ok, i'm sorry what is the OU..i'm in the Active Directory Users and Computers...is it something I have to create.  and how do i keep my self out of this restriction.  Sorry to be a pain, but new to this Windows 2003....I was comfortable with NT.

Thanks for the help!
0
 
LVL 13

Expert Comment

by:gpriceee
ID: 13663956
That's okay.  We're all working on the same stuff.

The "folders" under your domain name are objects and Organizational Units.
The objects simply look like folders--your users are probably there.
The OUs have some funky book looking thing on the folder icon.
If you have a small network, your OU design can be easy, but you need to be careful: the goal is no more than three layers deep.

So, what would I do here?
I would raise the functional level of the domain to 2003: http://support.microsoft.com/kb/322692

Then, I would right click the domain, new --> Organizational Unit.
Then, I would name it something like SecuredUsers.
Then I would redirect all users and new users to the OU:
from the cmd prompt:
c:\windows\system32\redirusr ou=SecuredUsers,DC=domainname,dc=com (replace the domainname an com with the appropriate information)


This will allow your policies to be applied to ALL newly created users.

Make sure your account is located in a different OU.

0
 

Author Comment

by:dieseldom
ID: 13664079
The OU  is not listed there.  Where else would it be?
0
 
LVL 13

Expert Comment

by:gpriceee
ID: 13664104
Users is an object by default, not an OU.
What you're doing is CREATING the SecuredUsers OU, amking it the defauklt OU for new users, and applying your group policy to it.
0
 

Author Comment

by:dieseldom
ID: 13664136
ok the users are located under the My Business\Users\SBUsers in the Active Directory Users and Computers.

If i right click on a user and go to property, there is no Group Policy Tab.
0
 

Author Comment

by:dieseldom
ID: 13664164
but if i right click on the SBUsers folder and go to policy, I see the group policy tab but its telling me that I have to open the Group Policy Management.  Is there a way to disable that?
0
 
LVL 13

Expert Comment

by:gpriceee
ID: 13664169
Exactly--the folder should look just like a folder; it's an object, not an OU.
You need to create the new SecureUsers OU.
0
 
LVL 13

Expert Comment

by:gpriceee
ID: 13664184
Good!
I didn't want to complicate things by having you install the Group POlicy Management mmc.
Hold on. . . .
0
 

Author Comment

by:dieseldom
ID: 13664194
ok
0
 
LVL 13

Expert Comment

by:gpriceee
ID: 13664226
Great!  You don't need to create the SecureUsers group; just ensure you no longer are in the SBSUsers group.
Then, open Group Policy Management  and then right click on the SBSUsers group --> Create and Link a GPO here
Then, as stated before, under User Configuration --> Administrative Templates --> Control Panel
Change your settings there.

When you logon as a user not in that OU, the policy will not apply to you.
0
 

Author Comment

by:dieseldom
ID: 13664271
I'm going to give it a shot

Hold on...
0
 

Author Comment

by:dieseldom
ID: 13664302
I believe this worked well..I'm going to try it again at home seeing that I have a domain at home my self with couple of computers and users between kids and other members.  Once done, I'll close this with your points.. It looks liek you have been a great help!!

Thanks alot!!
0
 
LVL 13

Expert Comment

by:gpriceee
ID: 13664339
One more thing . . . oaky, two.
If you want the policy to take effect immediately on a machine, from the command prompt on the machine, enter the following command:
gpupdate /force

If you want to see the overall results of what group policies are applied, after the machine boots, at the cmd prompt enter:
gpresult

It will take a while to return.   Spend some time, and you''l see just how what you've done is applied to the user/machine.
0
 

Author Comment

by:dieseldom
ID: 13678282
great.  everything work!!  Thanks alot for the help!!  Here are ur pts!!

Thanks again!!
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question