For a long time no, clients on my company network have been able to do as they wish, and install god knows what onto their machines, due to a very lazy network administrator. Now i have taken over the role, this is going to stop, but i do have very limited knowledge, so i was hoping you guys could help.
I have set up 2 empty test OU, 1 in which i am going to put my computers in, and 1 in which i am going to put my users in. is this right?
secondly, for the computer OU, i am going to make a GPO that contains only computers configurations policys? and the same goes for the user configuration?
i think i should be ok building these, but it's the next bit that i need to get my head around.
Am i right in saying i should build the machine, add it to the domain, set up the users account as an administrator user?
once i've done that, should i configure the machine, install the software that is needed, then once it is perfect, change them to power users, THEN add the user to the new User OU, and the computer to the new Computer OU?
ALSO, once the machine is in this OU, would i still be able to log on as administrator and change things that the OU doesn't allow?