I keep trying to do this and don't get anywhere.
I want the domain guest account to be able to log into a computer on the sbs domain and only be able to surf and as little else as possible - no control panel, no my docs, no etc...
I did the following on the server, but when I log into a desktop as guest, I still get control panel, my docs, run, etc.
on the sbs server, i went into server management, advanced, group policy management, under group policy objects, made a new GPO called guest lockdown. double click and on scope page, took out authenticated users and added 'guests' (which guest is a member).
right click on the GPO, choose edit.
Just go through all the choices and enable all the lockdown items I want under user config, admin templates, enable things like
Once I have the GPO set, close it , drag it to the domain.local folder where all the other links are (default this, default that, etc.) and create a link there. open a run window, go gpupdate /force then when that's done, log in as guest on a desktop and still get the run command and all the things I was trying to block.
where am I messing up?