Computer Lockdown

Computer on a DOMAIN (Windows Server 2003)
Computer has Windows 7 installed
Computer needs to be locked down, but some GPOs don't exist on DOMAIN
Computer would like to use LOCAL GPOs but our DOMAIN OU overrides local
Computer needs to have USER specific lockdown so when I logon as Domain Admin the LOCAL GPO isn't applied.

Thanks

Also, is there a good policy kicking around somewhere with almost full lockdown, used for just basic browsing?
Asked by: kpltechgroup

ServerGuyScott Commented:
You can manage Windows 7 clients from a 2003 domain.

Great post on how to do it here: http://social.technet.microsoft.com/Forums/en-IE/winservermanager/thread/0bc09f58-983d-4e6f-8033-9ef59f8b8a9d 
 
kpltechgroup (Author) Commented:
I have access to the server but really don't want to mess anything up. Will this add the policies to the 2003 domain?
 
kpltechgroup (Author) Commented:
How do I populate the group policies over to Windows 2003? Copy them from a Windows 2008 R2 server?
 
ServerGuyScott Commented:
Yes, that will allow you to manage everything from the domain (the best way to do it if you are talking about several Windows 7 machines).

Your best bet if you don't want to involve the domain controller is to make the users just regular users on the systems and set all of your "lock down" settings via the local security policy.

If you don't want site, domain, or OU policies to apply you'd have to block the GPO inheritance on the clients in Active Directory.
 
ServerGuyScott Commented:
Windows 7 and Windows 2008 R2 support enhancements that can be configured through Group Policy settings, and those settings are supported by domain controllers running Windows Server 2008 R2. To support these enhancements for an Active Directory service environment consisting of domain controllers running Windows Server 2003 or Windows Server 2003 R2, the Active Directory schema must be extended.
 
kpltechgroup (Author) Commented:
Why am I blocking GPO inheritance? Would this affect the computers currently on the domain?
 
kpltechgroup (Author) Commented:
Oh, never mind, reread. Sounds good. OK, I'll try populating the Windows 2k3 server.

I'll post if I had any errors/questions.
 
kpltechgroup (Author) Commented:
OK, so I've copied over the ADMX but don't know what to do next, the schemas part. Also, will this do anything to my current GPO settings? I mean, if I have a bunch of settings already configured for my XP machines, will this affect them? How do I make Active Directory see the ADMX files?
 
ServerGuyScott Commented:
To extend the schema, review this info: http://technet.microsoft.com/en-us/library/cc773360%28WS.10%29.aspx

As far as impact to older machines, you'll then need to deploy the Client Side Extensions (from the link provided above) to all "older" systems, so that they are able to interpret some of the new schema. Extensions can be found here: http://support.microsoft.com/kb/943729
