• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 746
  • Last Modified:

Applying Group Policy to lock down workstations to specific users

Hi there,

Using XP client and Win 2003 Server

I am trying to lock down domain workstations so that when domain users log on, they receive a very limited desktop, icons, etc.  However on the same workstation, if a member of the admin group log on, they get far more icons, run command, etc.  I have had no success so far

I have created an OU called Workstations, and the pc's will go in here.  Against this i need to apply a GPO which will give me what i need - do i need to create two GPO's - one for users and one for admins?  The changes i am making in the GPO are User settings i believe, however, the GPO when applied only picks up the Computer settings according to gpresult on the workstation.

Anyone have any resources or answers?
Thanks in advance
0
neal2206
Asked:
neal2206
  • 2
1 Solution
 
usachrisk1983Commented:
If you're trying to apply user specific GPO's, you need to apply them to a container with users.
0
 
neal2206Author Commented:
Thanks for the reply..
This OU will only contain workstations, our users all live in the 'users' container.  It is a user specific GPO in the respect that when users in the admin group log on, they will get increased rights to the pc, whereas those in the users group require a very limited set of options.  I vaguely recall this can be done somehow but cannot identify how..
0
 
Mike KlineCommented:
So a GPO that contains user settings that is linked to an OU that only contains computers won't be applied.   If you want the user settings to apply to the users you have a few options.
1.  Link the user GPO to the OU where your users are
2.  Use loopback processing.  GP MVP Darren Mar-Elia has a great overview on loopback here
http://sdmsoftware.com/blog/2009/01/please_explain_loopback_proces.html
So lets say you want a group (like admins) to not receive a policy.  For that you can use security filtering.   More on security filtering here
http://adisfun.blogspot.com/2009/04/security-filtering-and-group-policy.html
Thanks
Mike
0
 
neal2206Author Commented:
Excellent - i have stumbled across the loopback processing option and it works well for me.

Many thanks!
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now