Solved

Computer Lockdown

Posted on 2011-03-19
Last Modified: 2012-05-11
Computer on a DOMAIN (Windows Server 2003)
Computer has Windows 7 installed
Computer needs to be locked down, but some GPOs don't exist on DOMAIN
Computer would like to use LOCAL GPOs but our DOMAIN OU overrides local
Computer needs to have USER specific lockdown so when I log on as Domain Admin the LOCAL GPO isn't applied.

Thanks

Also, is there a good policy kicking around somewhere with almost full lockdown, used for just basic browsing?
Question by:kpltechgroup
9 Comments
 
LVL 3

Expert Comment

by:ServerGuyScott
ID: 35172280
You can manage Windows 7 clients from a 2003 domain.

Great post on how to do it here: http://social.technet.microsoft.com/Forums/en-IE/winservermanager/thread/0bc09f58-983d-4e6f-8033-9ef59f8b8a9d 
0
 
LVL 5

Author Comment

by:kpltechgroup
ID: 35172283
I have access to the server but really don't want to mess anything up. Will this add the policies to the 2003 domain?
0
 
LVL 5

Author Comment

by:kpltechgroup
ID: 35172287
How do I populate the group policies over to Windows 2003? Copy them from a Windows 2008 R2 server?
0

 
LVL 3

Expert Comment

by:ServerGuyScott
ID: 35172294
Yes, that will allow you to manage everything from the domain (the best way to do it if you are talking about several Windows 7 machines).

Your best bet if you don't want to involve the domain controller is to make the users just regular users on the systems and set all of your "lock down" settings via the local security policy.

If you don't want site, domain, or OU policies to apply you'd have to block the GPO inheritance on the clients in Active Directory.
0
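
The inheritance block mentioned in the comment above, as an added PowerShell example that is not part of the original thread: it reports which GPOs currently reach an OU and which would still apply after inheritance is blocked, then shows the change as a dry run. The OU name `OU=Kiosks,DC=example,DC=local` and the function name `Get-InheritanceReport` are assumptions for illustration.

```powershell
# Added example, not from the thread. The OU name is a hypothetical placeholder.
# Needs the GroupPolicy module (RSAT on Windows 7, or Windows Server 2008 R2);
# written to run on PowerShell 2.0.
Import-Module GroupPolicy

$TargetOu = 'OU=Kiosks,DC=example,DC=local'   # assumption: replace with your OU

function Get-InheritanceReport {
    param([Parameter(Mandatory = $true)][string]$Target)

    $som = Get-GPInheritance -Target $Target

    # GPOs linked on the OU itself are not affected by a block.
    $directIds = @($som.GpoLinks |
        Where-Object { $_ -and $_.Enabled } |
        ForEach-Object { $_.GpoId })

    $som.InheritedGpoLinks | Where-Object { $_ } | ForEach-Object {
        $isDirect = $directIds -contains $_.GpoId
        # Links marked Enforced on a parent container ignore the block,
        # so they are reported as surviving it.
        New-Object PSObject -Property @{
            Gpo           = $_.DisplayName
            LinkedAt      = $_.Target
            Enforced      = $_.Enforced
            SurvivesBlock = ($isDirect -or $_.Enforced)
        }
    }
}

$blocked = (Get-GPInheritance -Target $TargetOu).GpoInheritanceBlocked
Write-Host "Inheritance currently blocked on ${TargetOu}: $blocked"

Get-InheritanceReport -Target $TargetOu |
    Select-Object Gpo, LinkedAt, Enforced, SurvivesBlock |
    Format-Table -AutoSize

# Dry run only: -WhatIf prints the change instead of applying it.
Set-GPInheritance -Target $TargetOu -IsBlocked Yes -WhatIf
```

Any row with `SurvivesBlock` set to `True` and `Enforced` set to `True` is a parent policy that blocking inheritance will not remove from the clients in that OU.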
 
LVL 3

Expert Comment

by:ServerGuyScott
ID: 35172300
Windows 7 and Windows 2008 R2 support enhancements that can be configured through Group Policy settings, and those settings are supported by domain controllers running Windows Server 2008 R2. To support these enhancements for an Active Directory service environment consisting of domain controllers running Windows Server 2003 or Windows Server 2003 R2, the Active Directory schema must be extended.
0
 
LVL 5

Author Comment

by:kpltechgroup
ID: 35172325
Why am I blocking GPO inheritance? Would this affect the computers currently on the domain?
0
 
LVL 5

Author Comment

by:kpltechgroup
ID: 35172329
Oh, never mind, reread it. Sounds good. OK, I'll try populating the Windows 2k3 server.

I'll post if I have any errors/questions.
0
 
LVL 5

Author Comment

by:kpltechgroup
ID: 35172445
OK, so I've copied over the ADMX but don't know what to do next, the schema part. Also, will this do anything to my current GPO settings? I mean, if I have a bunch of settings already configured for my XP machines, will this affect them? How do I make Active Directory see the ADMX files?
0
 
LVL 3

Accepted Solution

by:
ServerGuyScott earned 2000 total points
ID: 35172667
To extend the schema, review this info: http://technet.microsoft.com/en-us/library/cc773360%28WS.10%29.aspx

As far as impact to older machines, you'll then need to deploy the Client Side Extensions (from the link provided above) to all "older" systems, so that they are able to interpret some of the new schema. Extensions can be found here: http://support.microsoft.com/kb/943729

0


Question has a verified solution.
