Solved

Locking Down users with Group Policy

Posted on 2006-06-14
2
563 Views
Last Modified: 2008-01-09
Hi I'm having some problems getting Group Policy to work like I want.

I have 9 users that are using the default User Template from SBS 2003 that I want to lock down.  I created an OU called "Locked Down Users".  I also created a Security Group called "Locked Down Users".  I added all the users that need the extra security into the "Locked Down Users" Group and I added the "LDU" Group to the "LDU" OU.

I also created a Group Policy Object that has the restrictions I want, ie no control panel, no run menu etc.  I set these all up in Administrative Templates of the User Configuration.  I then linked the the GPO to the "LDU" OU, and gave the "LDU" Group Read permissions on the GPO.  The GPO is link enabled and enforced.

Unfortunately I must have missed something as the GPO is not being applied to the users?

Any idea what I'm missing?  Still sort of a newb at Group Policy so be gentle.  ;)
0
Comment
Question by:jb1013
2 Comments
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 500 total points
ID: 16908161
It's probably more of where you put the OU.  It MUST be under \MyBusiness\SBSUsers\Users in order to work... however, there is no need to put them in a separate OU, just use the security group instead.  Then, create a NEW template that is a member of the security group and then apply that new template to the users you want to have in it by using the Change Permissions Wizard.

Then, make sure that your GPO is linked and enabled to that security group.  Finally, run a GPUPDATE /FORCE command on the server.

To see if it's being enforced properly, log into a workstation with a member's account and run a GPRESULT /V command.

Jeff
TechSoEasy

0
 
LVL 1

Author Comment

by:jb1013
ID: 16909441
OK, that's probably it then I think the OU is in the wrong place.  Thanks for the pointers on how to do this correctly.  I'll give it a shot when I'm back over there in a day or so.  I really appreciate your help.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Expired Certificates 4 68
SBS 2011 corrupt database 3 72
SBS 2011 6 42
Certificate Renewal Question 3 41
I've often see, or have been asked, the question about the difference between the Exchange 2010 SP1 version, available as part of Small Business Server (SBS) 2011, and the “normal” Exchange 2010 SP1 Standard. The answer to the question is relativ…
If you are a user of the discontinued Microsoft Office Accounting 2008 (MSOA) and have to move to a new computer running Windows 8, you will be unhappy to discover that it won't install.  In particular, Microsoft SQL Server 2005 Express Edition (SSE…
A short film showing how OnPage and Connectwise integration works.
Delivering innovative fully-managed cloud services for mission-critical applications requires expertise in multiple areas plus vision and commitment. Meet a few of the people behind the quality services of Concerto.

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now