Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Group Policy and AD 2003

Posted on 2009-06-29
3
Medium Priority
?
219 Views
Last Modified: 2012-05-07
Hello,
In AD WIndows 2003 I want to create a new container with a group policy so a user created on this container will have the following behavior:

When user open a session on a XP Client, he will have a very limited access to this PC, no control panel, to acces to C drive, no possible to store files on desktop. User will only be able to save files to "my documents". Other feature required: when user open a session, an application will be launched automatically, and all other application (in start/program files) will be hidden from user

How do I create my group policy ? Any written document with examples ?
Thank you
0
Comment
Question by:gadsad
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 15

Accepted Solution

by:
Rob Stone earned 2000 total points
ID: 24735943
It sounds like you want to use GPO and Mandatory Profile.

Create a new profile and lock it down how you wish with the view. Then copy this to the profile server and renam ntuser.dat to ntuser.man.  They will not be able to change the desktop or any other profile settings then.

You can also have the application set in the users startup folder for the application to launch when they log in.

You can map the user drive to their my documents if it's a network share otherwise the above method won't be any good.

For removing the control panel, browse to the following when creating the GPO:
User Config > Admin Templates > Control Panel > Prohibit access to the Control Panel.
0
 

Author Comment

by:gadsad
ID: 24736154
Very interesting but I am not sure how to do it (block the profile, rename the profile...)
Do you have a technical document which can describe in detail all this? It would be great!
Thank you
0
 
LVL 15

Expert Comment

by:Rob Stone
ID: 24886833
Here is a link for the Mandatory Profiles.  Remember to have it configured how you want it for all the users who will use it and then copy the profile to a network share:

http://technet.microsoft.com/en-us/library/cc786301%28WS.10%29.aspx
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question