Solved

Group Policy issue, exclusion of user and lower permissions

Posted on 2007-12-05
Last Modified: 2008-05-31
I have an OU with users in it that need a Group Policy that only allows the users to go on the web and do everything they need to do on the web, but all abilities to change the profile need to be shut off, and the ability to run applications that were installed on the local machine needs to be shut off or made so the user cannot use or see them. Also I need to be able to have Internet Explorer open every time you log on to any machine with these users and I need to specify a home page. It would be much appreciated if someone could help me with the settings I need in the GPO editor.

Thanks
0
Question by:HannasIT
7 Comments
 

Accepted Solution

by:
ADiRaju-B earned 300 total points
ID: 20415731
Oh.. I can't attach the document... How can I send you a document that I have prepared?
0
 

Author Comment

by:HannasIT
ID: 20415776
If you want you can send it to ****Email Address Removed*** by TechSoEasy EE's Microsoft Zone Advisor

Thanks
0
 

Expert Comment

by:ADiRaju-B
ID: 20415906
Sent it... let me know if that helps you... because I prepared it from what I understood from your question...
0

Assisted Solution

by:Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy earned 200 total points
ID: 20425994
Those steps will work somewhat, but will not completely lock down a workstation.  Because even though a user cannot run the command prompt or whatever programs are configured to not run, it doesn't stop them from doing other things such as CTRL-ALT-DEL or right clicking on the task bar which will allow them to open up the Task Manager or even just clicking Start > Run....  

It also doesn't stop them from running a program or browsing the drive or network through Internet Explorer's Address bar.

In order to have a full lockdown policy you need to enable loopback processing.  But this can be both difficult to configure and is not entirely effective (http://www.windowsitpro.com/articles/print.cfm?articleid=94618).

HannasIT, from what I understand you are looking for, you may not want to use an OU at all... in fact you may not want to even add these users to your Active Directory.  Especially, if all they are doing is accessing a specific web page and not accessing any network resources.  Instead, you can have them reboot the computer they are working on with a LiveCD Operating System that runs only on the CD itself and will deny them access to the hard drive and the rest of the network.  This is a common method for running "KIOSK" stations, and you have the added advantage that you do NOT need a CAL for these users.

There are various Live CD Kiosk versions around... most run Linux and will open Firefox upon booting prohibiting any other application from running.  

See this review article for more information about Firefox Live, BoothCD and LiveKiosk:  http://snipr.com/1uw8p
There's also https://launchpad.net/kiosk

Most of these can be modified to go to a specific site as well and as long as your SBS is handing out DHCP, there won't be any problem with them accessing the Internet.

Jeff
TechSoEasy

0
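
A way to check which of the gaps described in the answer above are still open on a workstation, as an added example that is not part of the original thread. Run in the restricted user's session, it reads the registry values written by the standard Administrative Template settings; the check list and the helper name `Get-PolicyValue` are assumptions of this example.

```powershell
# Added example: audit a locked-down session for the gaps named in the answer.
# Each entry maps one gap to the policy registry value that closes it.
$checks = @(
    @{ Gap  = 'Task Manager via CTRL-ALT-DEL or the taskbar'
       Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'DisableTaskMgr'
       Ok   = { param($v) $v -eq 1 } },
    @{ Gap  = 'Right-click menu on the taskbar'
       Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Name = 'NoTrayContextMenu'
       Ok   = { param($v) $v -eq 1 } },
    @{ Gap  = 'Start > Run'
       Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Name = 'NoRun'
       Ok   = { param($v) $v -eq 1 } },
    @{ Gap  = 'Command prompt'
       Path = 'HKCU:\Software\Policies\Microsoft\Windows\System'
       Name = 'DisableCMD'
       Ok   = { param($v) $v -eq 1 -or $v -eq 2 } },
    @{ Gap  = 'Loopback processing (1 = Merge, 2 = Replace)'
       Path = 'HKLM:\Software\Policies\Microsoft\Windows\System'
       Name = 'UserPolicyMode'
       Ok   = { param($v) $v -eq 1 -or $v -eq 2 } }
)

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # A missing key or value means the policy was never applied.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$report = foreach ($c in $checks) {
    $value = Get-PolicyValue -Path $c.Path -Name $c.Name
    [pscustomobject]@{
        Gap    = $c.Gap
        Value  = if ($null -eq $value) { '(not set)' } else { $value }
        Closed = [bool](& $c.Ok $value)
    }
}

# Rows with Closed = False are gaps the applied GPO does not cover.
$report | Format-Table -AutoSize
```

A row showing `(not set)` for a user-side value while `UserPolicyMode` is also unset usually means the GPO is linked to the computer's OU without loopback, so its user settings never reach the session.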
 

Author Comment

by:HannasIT
ID: 20500705
Ok thanks everyone, it worked
0
