Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Group Policy issue, exclusion of user and lower premitions

Posted on 2007-12-05
7
Medium Priority
?
753 Views
Last Modified: 2008-05-31
I have an OU with users in it that need a Group Policy that only allows the users to go on the web and do everything they need to do on the web, but all abilities to change the profile need to be shut off, and ability to run applications that were installed on the local machine need to be shut off or made so the user cannot use or see them. Also I need to be able to have Internet Explorer open every time you logon on any machine with these users and I need to specify a home page. It would be much appreciated if someone could help me with the settings I need in the GPO editor.

Thanks
0
Comment
Question by:HannasIT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
7 Comments
 

Accepted Solution

by:
ADiRaju-B earned 1200 total points
ID: 20415731
Oh.. I cant attach the document... How can I send  you a document that I have prepared?
0
 

Author Comment

by:HannasIT
ID: 20415776
If you want you can send it to ****Email Address Removed*** by TechSoEasy EE's Microsoft Zone Advisor

Thanks
0
 

Expert Comment

by:ADiRaju-B
ID: 20415906
Sent it... let me know does that help you... cos i prepared it from what i understood from your qn...
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 74

Assisted Solution

by:Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy earned 800 total points
ID: 20425994
Those steps will work somewhat, but will not completely lock down a workstation.  Because even though a user cannot run the command prompt or whatever programs are configured to not run, it doesn't stop them from doing other things such as CTRL-ALT-DEL or right clicking on the task bar which will allow them to open up the Task Manager or even just clicking Start > Run....  

It also doesn't stop them from running a program or browsing the drive or network through Internet Explorer's Address bar.

In order to have a full lockdown policy you need to enable loopback processing.  But this can be both difficult to configure and is not entirely effective (http://www.windowsitpro.com/articles/print.cfm?articleid=94618).

HannasIT, from what I understand you are looking for, you may not want to use an OU at all... in fact you may not want to even add these users to your Active Directory.  Especially, if all they are doing is accessing a specific web page and not accessing any network resources.  Instead, you can have them reboot the computer they are working on with a LiveCD Operating System that runs only on the CD itself and will deny them access to the hard drive and the rest of the network.  This is a common method for running "KIOSK" stations, and you have the added advantage that you do NOT need a CAL for these users.

There are various Live CD Kiosk versions around... most run Linux and will open Firefox upon booting prohibiting any other application from running.  

See this review article for more information about Firefox Live, BoothCD and LiveKiosk:  http://snipr.com/1uw8p
There's also https://launchpad.net/kiosk

Most of these can be modified to go to a specific site as well and as long as your SBS is handing out DHCP, there won't be any problem with them accessing the Internet.

Jeff
TechSoEasy

0
 

Author Comment

by:HannasIT
ID: 20500705
Ok thanks everyone, it worked
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's recap what we learned from yesterday's Skyport Systems webinar.
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question