Solved

How do I set up GPO for specific users.

Posted on 2006-10-30
5
250 Views
Last Modified: 2010-04-18
Hello all,

I am looking for some help in setting up my first GPO. I have three users who I want to have remote access (already setup and licensed the TS) and when they login they will see only the start button (to log off) and the program they are going to use.

I have installed the GPO mmc and can see all the choices (ALOT of choices...lol) and I would like help simplifying my needs.

Do I create a new OU and create the users under that? Then link the GPO to that?

I have one additional problem. Something I am missing. I add the user to the Remote Desktop Users group and take them out of the administrators group and can't remote in. I have tried this with all users. It’s has to be a setting I am missing.

0
Comment
Question by:mburke3434
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 11

Accepted Solution

by:
Chris Gralike earned 500 total points
ID: 17834837
Create a "group" inside a new OU and place your policy on that OU.

>> MYcorp.local
          >> OU : Employees    || Corperate GPO settings
                      >  UserObject
                      >  UserObject
          >> OU : Special GPO  || Additional GPO settings
                       >>  GroupObj
                                   > User membership...


regards,
0
 

Author Comment

by:mburke3434
ID: 17835227
Thanks for the speedy reply....

I have start menu only but the programs  > accessories
                                                               internet explorer
                                                               outlook express
                                                               remote assistant

 still show up.

Also, how do I add only one specific program to the start menu?
0
 
LVL 11

Expert Comment

by:Chris Gralike
ID: 17837281
i thought it to be a registry enty, also a mendantory profile for these users might be a sollution :)

http://support.microsoft.com/kb/323368

regards,
0
 
LVL 11

Expert Comment

by:Chris Gralike
ID: 17838012
err sorry on that

c:\documents and settings\%username%\start menu\programs\etc...
0
 

Author Comment

by:mburke3434
ID: 17838284
I got it worked out this way.

*** New OU
*** New GPO for that OU
*** Denied everything on Start Menu and Desktop
*** Allowed logoff
*** Placed shortcut to program in Desktop Folder (as admin of course)
*** Deleted Programs folders in start menu in Docs \ Settings.
*** User cannot chage password.

It worked out leaving access only to that program and logoff and no access (or even view) to anything else.

Your were a very big help...Thank you again.
0

Featured Post

Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question