• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 699
  • Last Modified:

How to lockdown workstations using group policy

Hello - I have a classroom of about 40 computers that have different various users accessing the machines at various times of the day.  I have some smarty pants students that like to change wall paper, access the command prompt, remotely shutdown machines, etc.  I know that I can run gpedit.msc to change the various user options, but is there a way to do it from the server so that I only have to do it in one location, and have it affect or change the workstations?  It seems like when I do it from the server, it only affects the server. I'm probably not looking in the right place, but I value your input and ideas.
The server is a windows 2003 small business server, with active directory, and all the students log in as "Student" one username, pretty simple.  All of the workstations are windows xp sp-3.

Thanks in advance.
0
765tech
Asked:
765tech
1 Solution
 
wmeerzaCommented:
Heres a pretty straight forward atticle to start you off.
http://articles.techrepublic.com.com/5100-10878_11-1059493.html

0
 
acl-puzzCommented:
when you open gpedit.msc from run or cmd its for only local pc

You need to have an active directory for this after making this all pc will join this domain and then you will apply these policies to this domain suppose xxx.com"s GPO by right clicking in active directory and users options in administrative tools and all machines who you attached to this  domain will be affected by group policies

so it wil make this process centralize to one server 2003 or 2008

dcpromo is the command to start making an AD domain

Cheers
 
 
0
 
Malli BoppeCommented:
Create a seperate OU for this 40 computers and move them into the new OU .Now create a group policy to restrict on what users can do.You can really tighten down on what students can do.
Also make sure that none of the users or local admins on the machines.If they are any, they can be removed by using group policy.
http://www.windowsecurity.com/articles/Using-Restricted-Groups.html 
You can also use the steadystate  in addition to the above.
http://www.microsoft.com/windows/products/winfamily/sharedaccess/default.mspx 
0
 
765techAuthor Commented:
Thanks for your help.
0

Featured Post

Learn to develop an Android App

Want to increase your earning potential in 2018? Pad your resume with app building experience. Learn how with this hands-on course.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now