[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Locking Down users with Group Policy

Posted on 2006-06-14
2
Medium Priority
?
583 Views
Last Modified: 2008-01-09
Hi I'm having some problems getting Group Policy to work like I want.

I have 9 users that are using the default User Template from SBS 2003 that I want to lock down.  I created an OU called "Locked Down Users".  I also created a Security Group called "Locked Down Users".  I added all the users that need the extra security into the "Locked Down Users" Group and I added the "LDU" Group to the "LDU" OU.

I also created a Group Policy Object that has the restrictions I want, ie no control panel, no run menu etc.  I set these all up in Administrative Templates of the User Configuration.  I then linked the the GPO to the "LDU" OU, and gave the "LDU" Group Read permissions on the GPO.  The GPO is link enabled and enforced.

Unfortunately I must have missed something as the GPO is not being applied to the users?

Any idea what I'm missing?  Still sort of a newb at Group Policy so be gentle.  ;)
0
Comment
Question by:jb1013
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 2000 total points
ID: 16908161
It's probably more of where you put the OU.  It MUST be under \MyBusiness\SBSUsers\Users in order to work... however, there is no need to put them in a separate OU, just use the security group instead.  Then, create a NEW template that is a member of the security group and then apply that new template to the users you want to have in it by using the Change Permissions Wizard.

Then, make sure that your GPO is linked and enabled to that security group.  Finally, run a GPUPDATE /FORCE command on the server.

To see if it's being enforced properly, log into a workstation with a member's account and run a GPRESULT /V command.

Jeff
TechSoEasy

0
 
LVL 1

Author Comment

by:jb1013
ID: 16909441
OK, that's probably it then I think the OU is in the wrong place.  Thanks for the pointers on how to do this correctly.  I'll give it a shot when I'm back over there in a day or so.  I really appreciate your help.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the event you manage a Small Business Server 2003, and you are audited for PCI compliance, there are several changes you must make in order to pass the audit. I can take no credit for discovering any of these fixes or workarounds, but there is no…
The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy. In 2011, the client firewall policy has moved to the SBS computers conta…
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question