Solved

Locking Down users with Group Policy

Posted on 2006-06-14
2
573 Views
Last Modified: 2008-01-09
Hi I'm having some problems getting Group Policy to work like I want.

I have 9 users that are using the default User Template from SBS 2003 that I want to lock down.  I created an OU called "Locked Down Users".  I also created a Security Group called "Locked Down Users".  I added all the users that need the extra security into the "Locked Down Users" Group and I added the "LDU" Group to the "LDU" OU.

I also created a Group Policy Object that has the restrictions I want, ie no control panel, no run menu etc.  I set these all up in Administrative Templates of the User Configuration.  I then linked the the GPO to the "LDU" OU, and gave the "LDU" Group Read permissions on the GPO.  The GPO is link enabled and enforced.

Unfortunately I must have missed something as the GPO is not being applied to the users?

Any idea what I'm missing?  Still sort of a newb at Group Policy so be gentle.  ;)
0
Comment
Question by:jb1013
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 500 total points
ID: 16908161
It's probably more of where you put the OU.  It MUST be under \MyBusiness\SBSUsers\Users in order to work... however, there is no need to put them in a separate OU, just use the security group instead.  Then, create a NEW template that is a member of the security group and then apply that new template to the users you want to have in it by using the Change Permissions Wizard.

Then, make sure that your GPO is linked and enabled to that security group.  Finally, run a GPUPDATE /FORCE command on the server.

To see if it's being enforced properly, log into a workstation with a member's account and run a GPRESULT /V command.

Jeff
TechSoEasy

0
 
LVL 1

Author Comment

by:jb1013
ID: 16909441
OK, that's probably it then I think the OU is in the wrong place.  Thanks for the pointers on how to do this correctly.  I'll give it a shot when I'm back over there in a day or so.  I really appreciate your help.
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The SBS 2011 release date (RTM) is supposed to be around Christmas, 2011.  This article is a compilation of my notes -- things I have learned first hand.  The items are in a rather random order, but I think this list covers most of what is new and d…
I work for a company that primarily works with small businesses as their outsourced IT vendor. As such the majority of these customers utilize some version of Small Business Server. Due to the economics of running a small business, many of these cus…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
In this video, viewers will be given step by step instructions on adjusting mouse, pointer and cursor visibility in Microsoft Windows 10. The video seeks to educate those who are struggling with the new Windows 10 Graphical User Interface. Change Cu…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question