[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 758
  • Last Modified:

Group Policy issue, exclusion of user and lower premitions

I have an OU with users in it that need a Group Policy that only allows the users to go on the web and do everything they need to do on the web, but all abilities to change the profile need to be shut off, and ability to run applications that were installed on the local machine need to be shut off or made so the user cannot use or see them. Also I need to be able to have Internet Explorer open every time you logon on any machine with these users and I need to specify a home page. It would be much appreciated if someone could help me with the settings I need in the GPO editor.

Thanks
0
HannasIT
Asked:
HannasIT
  • 3
  • 2
2 Solutions
 
ADiRaju-BCommented:
Oh.. I cant attach the document... How can I send  you a document that I have prepared?
0
 
HannasITAuthor Commented:
If you want you can send it to ****Email Address Removed*** by TechSoEasy EE's Microsoft Zone Advisor

Thanks
0
 
ADiRaju-BCommented:
Sent it... let me know does that help you... cos i prepared it from what i understood from your qn...
0
Configuration Guide and Best Practices

Read the guide to learn how to orchestrate Data ONTAP, create application-consistent backups and enable fast recovery from NetApp storage snapshots. Version 9.5 also contains performance and scalability enhancements to meet the needs of the largest enterprise environments.

 
ADiRaju-BCommented:
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Those steps will work somewhat, but will not completely lock down a workstation.  Because even though a user cannot run the command prompt or whatever programs are configured to not run, it doesn't stop them from doing other things such as CTRL-ALT-DEL or right clicking on the task bar which will allow them to open up the Task Manager or even just clicking Start > Run....  

It also doesn't stop them from running a program or browsing the drive or network through Internet Explorer's Address bar.

In order to have a full lockdown policy you need to enable loopback processing.  But this can be both difficult to configure and is not entirely effective (http://www.windowsitpro.com/articles/print.cfm?articleid=94618).

HannasIT, from what I understand you are looking for, you may not want to use an OU at all... in fact you may not want to even add these users to your Active Directory.  Especially, if all they are doing is accessing a specific web page and not accessing any network resources.  Instead, you can have them reboot the computer they are working on with a LiveCD Operating System that runs only on the CD itself and will deny them access to the hard drive and the rest of the network.  This is a common method for running "KIOSK" stations, and you have the added advantage that you do NOT need a CAL for these users.

There are various Live CD Kiosk versions around... most run Linux and will open Firefox upon booting prohibiting any other application from running.  

See this review article for more information about Firefox Live, BoothCD and LiveKiosk:  http://snipr.com/1uw8p
There's also https://launchpad.net/kiosk

Most of these can be modified to go to a specific site as well and as long as your SBS is handing out DHCP, there won't be any problem with them accessing the Internet.

Jeff
TechSoEasy

0
 
HannasITAuthor Commented:
Ok thanks everyone, it worked
0

Featured Post

Prep for the ITIL® Foundation Certification Exam

December’s Course of the Month is now available! Enroll to learn ITIL® Foundation best practices for delivering IT services effectively and efficiently.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now