Solved

How do I set up GPO for specific users.

Posted on 2006-10-30
5
229 Views
Last Modified: 2010-04-18
Hello all,

I am looking for some help in setting up my first GPO. I have three users who I want to have remote access (already setup and licensed the TS) and when they login they will see only the start button (to log off) and the program they are going to use.

I have installed the GPO mmc and can see all the choices (ALOT of choices...lol) and I would like help simplifying my needs.

Do I create a new OU and create the users under that? Then link the GPO to that?

I have one additional problem. Something I am missing. I add the user to the Remote Desktop Users group and take them out of the administrators group and can't remote in. I have tried this with all users. It’s has to be a setting I am missing.

0
Comment
Question by:mburke3434
  • 3
  • 2
5 Comments
 
LVL 10

Accepted Solution

by:
Chris_Gralike earned 500 total points
ID: 17834837
Create a "group" inside a new OU and place your policy on that OU.

>> MYcorp.local
          >> OU : Employees    || Corperate GPO settings
                      >  UserObject
                      >  UserObject
          >> OU : Special GPO  || Additional GPO settings
                       >>  GroupObj
                                   > User membership...


regards,
0
 

Author Comment

by:mburke3434
ID: 17835227
Thanks for the speedy reply....

I have start menu only but the programs  > accessories
                                                               internet explorer
                                                               outlook express
                                                               remote assistant

 still show up.

Also, how do I add only one specific program to the start menu?
0
 
LVL 10

Expert Comment

by:Chris_Gralike
ID: 17837281
i thought it to be a registry enty, also a mendantory profile for these users might be a sollution :)

http://support.microsoft.com/kb/323368

regards,
0
 
LVL 10

Expert Comment

by:Chris_Gralike
ID: 17838012
err sorry on that

c:\documents and settings\%username%\start menu\programs\etc...
0
 

Author Comment

by:mburke3434
ID: 17838284
I got it worked out this way.

*** New OU
*** New GPO for that OU
*** Denied everything on Start Menu and Desktop
*** Allowed logoff
*** Placed shortcut to program in Desktop Folder (as admin of course)
*** Deleted Programs folders in start menu in Docs \ Settings.
*** User cannot chage password.

It worked out leaving access only to that program and logoff and no access (or even view) to anything else.

Your were a very big help...Thank you again.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

822 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question