Group Policy settings in Windows 2003 Domain.

Posted on 2007-07-23
Last Modified: 2012-08-14
What group policy settings have to be done for the following?

1. Adjust the time of clients according to the time of the Primary Domain server.

2. I need to allow a few clients to change their Network settings such as IP, gate way etc. what group policy settings are to be done for this.

3. Can I deny clients to see the domain server/member servers from the My Network places?

4. By default the Scheduled task and printers are shown in My Network Places (when you try to browse a pc) how to stop this?

5. What should be done to deny seeing the SYSVOL of the domain server?

6. I dont want the clients to search Active directory and what should be done to do it?

Thanks in advance.

Question by:Zacharia Kurian
    LVL 23

    Expert Comment

    by:Malli Boppe
    1.)Adjust the time of clients according to the time of the Primary Domain server. You don't need to do any thing this happens automatically or you can run login script with the net time command.
    2.)Move the users to a seperate OU and create group policy for that OU . User Configuration->Admin Templates-Network->network Connections
    3.)You need to write a group policy to User Configuration->Admin Templates-Start Menu
    4.)Group Policy User Configuration->Admin Templates-Start Menu
    5.)I don't think you can do this.
    6.)Stop users from doing LDAP query
    LVL 18

    Accepted Solution

    1. Don't need to. It should sync automatically (needs to be for authentication)

    2. Use Restricted Group. They'll need to be a member of the local Administrators, Power Users, or if it's XP, Network Configuration Operators. Here's great thread discussing the various aspects

    3. Not entirely. You can remove the icon from the Desktop and the Start menu. You could disable the computer browser service on all the computers and then no one would be able to use My Network Place but that might be over kill?

    4. There may be a way by messing with the administrative shares but then you'll lose some administrative control

    5. Can't be done without breaking the functionality of the domain

    6. The whole thing?!? If it's only sections, in ADUC > View menu > check Advanced Features. Now the objects have a security tab in their properties. If you don't want someone seeing something, take away the read permission. BUT, use extreme caution when changing permissions. You can really screw things up if you make a mistake.

    I think you might want to worry more about hardening the computers and making sure users don't have more privileges than needed, rather than worrying about them seeing the sysvol, printers folder, etc.
    LVL 10

    Expert Comment

    by:Walter Padrón
    1, 2 & 3- as My_Username said before.

    4- See (not a policy, you need to script this)

    5 & 6- IMHO this will give you a false sense of security, follow My_Username advice and hardening the servers instead.


    Featured Post

    What Should I Do With This Threat Intelligence?

    Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

    Join & Write a Comment

    This is my first article in EE and english is not my mother tongue so any comments you have or any corrections you would like to make, please feel free to speak up :) For those of you working with AD, you already are very familiar with the classi…
    A quick step-by-step overview of installing and configuring Carbonite Server Backup.
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
    This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now