Server 2003 SP1 and AD 2003
Clients (workstations) - XP PRO. Domain users are local administrators on the client machine.
GPMC can be used on any client to view policies that apply to each OU. I want to restrict it such that no client machine can view GP policies per OU. For example, I have an OU for Sales. I don't want a user in the Finance department to be able to run GPMC on their machine and be able to browse the OUs in the domain and see what login scripts, policies, etc they are using.
For that matter, I don't want any client able to view the Domain/OU structure!