Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Group Policy settings in Windows 2003 Domain.

Posted on 2007-07-23
Medium Priority
Last Modified: 2012-08-14
What group policy settings have to be done for the following?

1. Adjust the time of clients according to the time of the Primary Domain server.

2. I need to allow a few clients to change their Network settings such as IP, gate way etc. what group policy settings are to be done for this.

3. Can I deny clients to see the domain server/member servers from the My Network places?

4. By default the Scheduled task and printers are shown in My Network Places (when you try to browse a pc) how to stop this?

5. What should be done to deny seeing the SYSVOL of the domain server?

6. I dont want the clients to search Active directory and what should be done to do it?

Thanks in advance.

Question by:Zacharia Kurian
LVL 23

Expert Comment

by:Malli Boppe
ID: 19553772
1.)Adjust the time of clients according to the time of the Primary Domain server. You don't need to do any thing this happens automatically or you can run login script with the net time command.
2.)Move the users to a seperate OU and create group policy for that OU . User Configuration->Admin Templates-Network->network Connections
3.)You need to write a group policy to User Configuration->Admin Templates-Start Menu
4.)Group Policy User Configuration->Admin Templates-Start Menu
5.)I don't think you can do this.
6.)Stop users from doing LDAP query
LVL 23

Accepted Solution

Jeremy Weisinger earned 150 total points
ID: 19553881
1. Don't need to. It should sync automatically (needs to be for authentication)

2. Use Restricted Group. They'll need to be a member of the local Administrators, Power Users, or if it's XP, Network Configuration Operators. Here's great thread discussing the various aspects http://www.petri.co.il/forums/showthread.php?t=12489

3. Not entirely. You can remove the icon from the Desktop and the Start menu. You could disable the computer browser service on all the computers and then no one would be able to use My Network Place but that might be over kill?

4. There may be a way by messing with the administrative shares but then you'll lose some administrative control

5. Can't be done without breaking the functionality of the domain

6. The whole thing?!? If it's only sections, in ADUC > View menu > check Advanced Features. Now the objects have a security tab in their properties. If you don't want someone seeing something, take away the read permission. BUT, use extreme caution when changing permissions. You can really screw things up if you make a mistake.

I think you might want to worry more about hardening the computers and making sure users don't have more privileges than needed, rather than worrying about them seeing the sysvol, printers folder, etc.
LVL 10

Expert Comment

by:Walter Padrón
ID: 19556823
1, 2 & 3- as My_Username said before.

4- See http://www.winxptutor.com/schedshares.htm (not a policy, you need to script this)

5 & 6- IMHO this will give you a false sense of security, follow My_Username advice and hardening the servers instead.


Featured Post

[Webinar On Demand] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
Sometimes it necessary to set special permissions on user objects.  For instance when using a Blackberry server, the SendAs permission needs to be set. I see many admins struggle with the setting that permission only to see it disappear within a few…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

569 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question