jslayton01
asked on
Creating Security Policies under a Domain
Greetings,
I have a Windows 2000 Advanced Server with a Domain Name of myname.com in the Active Directory...My client workstation runs on Win2000 Pro that is a part of myname.com. I also created a username under Active Directory Users and Computers under this domain name as andy1.
Now, on the client workstation I logon as ANDY1 under the Domain: MYNAME.COM. Now, how can I disable the Control Panel, Command Prompt, or anything else from the Windows 2000 Server Domain system under MMC? Remember....not on the client workstation, FROM the Server only....
Please explain.
I have a Windows 2000 Advanced Server with a Domain Name of myname.com in the Active Directory...My client workstation runs on Win2000 Pro that is a part of myname.com. I also created a username under Active Directory Users and Computers under this domain name as andy1.
Now, on the client workstation I logon as ANDY1 under the Domain: MYNAME.COM. Now, how can I disable the Control Panel, Command Prompt, or anything else from the Windows 2000 Server Domain system under MMC? Remember....not on the client workstation, FROM the Server only....
Please explain.
ASKER
I did the following except I named the OU as PRACTICE then I added the USER who will logon to the domain. I enabled to diasable the things I want and no results...
What am I doing wrong here?
Here ais my Network Setup:
On Win2000 Server:
1. Domain Name: ANDYV
2. Server Name: ANDY
3. Created an OU named Practice and added pattyf to that OU...
On Client W/S running 2000 Pro:
1. Username 'pattyf' logs onto Server as 'pattyf' under the Domain Name of ANDYV using the password that I created under AD Users/Computers...
What am I doing wrong here?
Here ais my Network Setup:
On Win2000 Server:
1. Domain Name: ANDYV
2. Server Name: ANDY
3. Created an OU named Practice and added pattyf to that OU...
On Client W/S running 2000 Pro:
1. Username 'pattyf' logs onto Server as 'pattyf' under the Domain Name of ANDYV using the password that I created under AD Users/Computers...
Did you create the Group policy under PRACTICE OU?
Try running gpupdate.exe from the command prompt on the server. This will update any changes you make in the group policy. Then try logging the user in to the domain.
Let me know if this helps
Try running gpupdate.exe from the command prompt on the server. This will update any changes you make in the group policy. Then try logging the user in to the domain.
Let me know if this helps
ASKER
Idid the update thing and it cannot find the file. One thing. Is itpossible that the eval copy of the Server has expired and maube thats why?
Yes, I added ANDY1 to the OU called Practice...I also rebooted and nothing happened...
Yes, I added ANDY1 to the OU called Practice...I also rebooted and nothing happened...
Make sure on the client that the dns is pointing to the Domain Controller (andy).
ASKER
Ok heres the follow-up.
It actually worked or took effect when I logged on as ANDY1 (on the client w/s) under my LOCAL account and NOT under the domain server account..
I want to restrict the Control Panel under the DOMAIN ACCOUNT and NOT the LOCAL computer account...FROM THE SERVER....Is there anyway I can do that instead of the Local Computer account?
Hey!!!! I'm glad it worked under the Local Computer account. But you see, I wanted to take effect when I logon under my Domain account.
It actually worked or took effect when I logged on as ANDY1 (on the client w/s) under my LOCAL account and NOT under the domain server account..
I want to restrict the Control Panel under the DOMAIN ACCOUNT and NOT the LOCAL computer account...FROM THE SERVER....Is there anyway I can do that instead of the Local Computer account?
Hey!!!! I'm glad it worked under the Local Computer account. But you see, I wanted to take effect when I logon under my Domain account.
ASKER
Ok, to give a better picture on this:
On the workstation, I see a logon screen, right??? Now after netering the username/password I select which account to logon. Domain or Local. When I loggoed on as Local, it took effect. But it did not under Domain which is ANDYV.COM...
How come?
On the workstation, I see a logon screen, right??? Now after netering the username/password I select which account to logon. Domain or Local. When I loggoed on as Local, it took effect. But it did not under Domain which is ANDYV.COM...
How come?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
User Config...I dont undertsand. The workstation is a part of ANDYV Domain.
But when I logon as ANDY1/LOCAL it takes effect...
But when I logon under the Domain (ANDYV.COM) it does not take effect...that were the problem lies.
But when I logon as ANDY1/LOCAL it takes effect...
But when I logon under the Domain (ANDYV.COM) it does not take effect...that were the problem lies.
First create an OU for your users like 'Accounting' (That way your administrators are not subject to your group policy restrictions)
Put the user andy1 in this OU
Right click on the OU and select Properties
Click the group policy tab
Click New and name a new policy like 'Desktop Restrictions'
Highlight the new GP and click edit.
Go through the list for user configuration to limit or restrict access to the computers they login to.
Control panel can be found at >>user configuration/administrati
Now whereever andy1 logins he will not be able to open the control panel.
This link will help also
http://support.microsoft.com/default.aspx?scid=kb;en-us;307882
Let me know if there is anything else