<div>
I like the idea of creating a new OU called LockDown and moving the user account into the new OU; it makes things a little more clear IMHO. &nbsp;
</div>


I like the idea of creating a new OU called LockDown and moving the user account into the new OU; it makes things a little more clear IMHO.  

<div>
I was hoping not to do that, but creating the OU worked great! &nbsp;Now I have the user restricted from making changes to his workstation and limited his ability to search the network.
</div>


I was hoping not to do that, but creating the OU worked great!  Now I have the user restricted from making changes to his workstation and limited his ability to search the network.

<div>
What would be nice is an ERD (Entity Relationship Diagram) for Group Policy that shows which settings in Computer and User are the same.
</div>


What would be nice is an ERD (Entity Relationship Diagram) for Group Policy that shows which settings in Computer and User are the same.

<div>
RSoP is for you! &nbsp;<br />
<br />
How to Target Resultant Set of Policy (RSoP) for Users and Computers<br />
<a href="http://www.microsoft.com/windowsxp/using/setup/expert/rsop.mspx" rel="ugc nofollow">http://www.microsoft.com/windowsxp/using/setup/expert/rsop.mspx</a><br />
<br />
Determine Resultant Set of Policy with GPResult.exe<br />
<a href="http://technet2.microsoft.com/WindowsServer/en/Library/10997a3d-98f4-4fc2-bc82-f85beb6fd13e1033.mspx" rel="ugc nofollow">http://technet2.microsoft.com/WindowsServer/en/Library/10997a3d-98f4-4fc2-bc82-f85beb6fd13e1033.mspx</a>
</div>


RSoP is for you!  

How to Target Resultant Set of Policy (RSoP) for Users and Computers
http://www.microsoft.com/windowsxp/using/setup/expert/rsop.mspx [http://www.microsoft.com/windowsxp/using/setup/expert/rsop.mspx]

Determine Resultant Set of Policy with GPResult.exe
http://technet2.microsoft.com/WindowsServer/en/Library/10997a3d-98f4-4fc2-bc82-f85beb6fd13e1033.mspx [http://technet2.microsoft.com/WindowsServer/en/Library/10997a3d-98f4-4fc2-bc82-f85beb6fd13e1033.mspx]

<div>
<div class="content wysiwyg-content">
I have a single user in a 2003 domain that I need to severely restrict his access. &nbsp;I do not want ANY other users affected (or is that effected). &nbsp;Can I create and apply a group policy too a single user?
</div>
</div>


I have a single user in a 2003 domain that I need to severely restrict his access.  I do not want ANY other users affected (or is that effected).  Can I create and apply a group policy too a single user?

Group Policy for single user

Windows Server 2003 was based on Windows XP and was released in four editions: Web, Standard, Enterprise and Datacenter. It also had derivative versions for clusters, storage and Microsoft’s Small Business Server. Important upgrades included integrating Internet Information Services (IIS), improvements to Active Directory (AD) and Group Policy (GP), and the migration to Automated System Recovery (ASR).