Group Policy issue, exclusion of user and lower permissions

I have an OU with users in it that need a Group Policy that only allows the users to go on the web and do everything they need to do on the web, but all abilities to change the profile need to be shut off, and the ability to run applications that were installed on the local machine needs to be shut off or made so the user cannot use or see them. Also, I need to be able to have Internet Explorer open every time you log on to any machine with these users, and I need to specify a home page. It would be much appreciated if someone could help me with the settings I need in the GPO editor.

Thanks
HannasIT Asked:
 
ADiRaju-B Commented:
Oh... I can't attach the document... How can I send you a document that I have prepared?
0
 
HannasIT (Author) Commented:
If you want you can send it to [Email address removed by TechSoEasy, EE's Microsoft Zone Advisor]

Thanks
0
 
ADiRaju-B Commented:
Sent it... let me know if that helps you... because I prepared it from what I understood from your question...
0
 
Jeffrey Kane - TechSoEasy, Principal Consultant, Commented:
Those steps will work somewhat, but will not completely lock down a workstation. Because even though a user cannot run the command prompt or whatever programs are configured to not run, it doesn't stop them from doing other things such as CTRL-ALT-DEL or right-clicking on the task bar, which will allow them to open up the Task Manager, or even just clicking Start > Run...

It also doesn't stop them from running a program or browsing the drive or network through Internet Explorer's Address bar.

In order to have a full lockdown policy you need to enable loopback processing. But this can be difficult to configure and is not entirely effective (http://www.windowsitpro.com/articles/print.cfm?articleid=94618).

HannasIT, from what I understand you are looking for, you may not want to use an OU at all... in fact you may not want to even add these users to your Active Directory, especially if all they are doing is accessing a specific web page and not accessing any network resources. Instead, you can have them reboot the computer they are working on with a LiveCD Operating System that runs only on the CD itself and will deny them access to the hard drive and the rest of the network. This is a common method for running "KIOSK" stations, and you have the added advantage that you do NOT need a CAL for these users.

There are various Live CD Kiosk versions around... most run Linux and will open Firefox upon booting, prohibiting any other application from running.

See this review article for more information about Firefox Live, BoothCD and LiveKiosk:  http://snipr.com/1uw8p
There's also https://launchpad.net/kiosk

Most of these can be modified to go to a specific site as well and as long as your SBS is handing out DHCP, there won't be any problem with them accessing the Internet.

Jeff
TechSoEasy

0
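One way to check the gaps Jeff lists (Task Manager, Start > Run, the command prompt) and whether loopback processing is on, run while logged on as one of the restricted users. This is an added example, not part of the original thread; the choice of settings to check is an assumption of the example, and the registry values are the ones that back the corresponding Group Policy settings.

```powershell
# Added example: audit the logged-on user's session for the lockdown settings
# discussed above. The list of checks is this example's choice, not the thread's.
$checks = @(
    @{ Name  = 'Task Manager removed (CTRL-ALT-DEL, taskbar)'
       Path  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Value = 'DisableTaskMgr'; Want = @(1) },
    @{ Name  = 'Run removed from Start menu'
       Path  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Value = 'NoRun'; Want = @(1) },
    @{ Name  = 'Command prompt disabled'
       Path  = 'HKCU:\Software\Policies\Microsoft\Windows\System'
       Value = 'DisableCMD'; Want = @(1, 2) },
    @{ Name  = 'Loopback processing enabled (1 = Merge, 2 = Replace)'
       Path  = 'HKLM:\Software\Policies\Microsoft\Windows\System'
       Value = 'UserPolicyMode'; Want = @(1, 2) }
)

function Test-LockdownValue {
    param([hashtable]$Check)
    # A missing key or value means the policy never reached this session.
    $item = Get-ItemProperty -Path $Check.Path -Name $Check.Value -ErrorAction SilentlyContinue
    $actual = if ($item) { $item.($Check.Value) } else { $null }
    [pscustomobject]@{
        Setting = $Check.Name
        Actual  = if ($null -eq $actual) { '<not set>' } else { $actual }
        Pass    = ($null -ne $actual) -and ($Check.Want -contains $actual)
    }
}

$results = $checks | ForEach-Object { Test-LockdownValue -Check $_ }
$results | Format-Table -AutoSize

# Summarise anything that is still open for this user.
$failed = @($results | Where-Object { -not $_.Pass })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) lockdown setting(s) not applied for $env:USERNAME"
}
```

A `<not set>` result for the user settings alongside a missing `UserPolicyMode` usually means the GPO is linked to an OU that holds only the computers or only the users, which is the case loopback processing exists to handle.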
 
HannasIT (Author) Commented:
Ok thanks everyone, it worked
0
Question has a verified solution.
