Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Computer Lockdown

Posted on 2011-03-19
9
Medium Priority
?
476 Views
Last Modified: 2012-05-11
Computer on a DOMAIN (Windows Server 2003)
Computer has Windows 7 installed
Computer needs to be locked down, but some GPO's dont exist on DOMAIN
Computer would like to use LOCAL GPO's but our DOMAIN OU overrides local
Computer needs to have USER specific lockdown so when I logon as Domain Admin the LOCAL GPO isn't applied.

Thanks

Also is there a good policy kicking around somewhere will almost full lockdown used for just basic browsing kicking around?
0
Comment
Question by:kpltechgroup
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 3

Expert Comment

by:ServerGuyScott
ID: 35172280
You can mange windows 7 clients from a 2003 domain.

Great post on how to do it here: http://social.technet.microsoft.com/Forums/en-IE/winservermanager/thread/0bc09f58-983d-4e6f-8033-9ef59f8b8a9d 
0
 
LVL 5

Author Comment

by:kpltechgroup
ID: 35172283
I have access to the server but really dont want to mess anything up will this add the policies to the 2003 domain?
0
 
LVL 5

Author Comment

by:kpltechgroup
ID: 35172287
how do I populate the group policies over to windows 2003? Copy them from a windows 2008 R2 server??
0
Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

 
LVL 3

Expert Comment

by:ServerGuyScott
ID: 35172294
Yes, that will allow you to mange everything from the domain (the best way to do it if you are talking about several windows 7 machines).

You best bet if you don't want to involve the domain controller is to make the users just regular users on the systems and set all of your "lock down" settings via the local security policy.

If you don't want site, domain, or OU policies to apply you'd have to block the GPO inheritance on the clients in Active Directory.
0
 
LVL 3

Expert Comment

by:ServerGuyScott
ID: 35172300
Windows 7 and Windows 2008 R2 supports enhancements that can be configured through Group Policy settings, and those settings are supported by domain controllers running Windows Server 2008 R2. To support these enhancements for an Active Directory service environment consisting of domain controllers running Windows Server 2003 or Windows Server 2003 R2, the Active Directory schema must be extended.
0
 
LVL 5

Author Comment

by:kpltechgroup
ID: 35172325
Why am I blocking GPO inheritance? would this affect the computers currently on the domain?
0
 
LVL 5

Author Comment

by:kpltechgroup
ID: 35172329
oh nevermind reread sounds good ok Ill try populating the windows 2k3 server

Ill post if i had and errors/questions
0
 
LVL 5

Author Comment

by:kpltechgroup
ID: 35172445
Ok so I've copied over the ADMX but dont know what to do next the scemas part.. ALSO will this do anything to my current GPO settings? i mean if i have a bunch of settings already configged for my xp machines will this affect them? How do I make active directory see the admx files?
0
 
LVL 3

Accepted Solution

by:
ServerGuyScott earned 2000 total points
ID: 35172667
To extend the schmea review this info: http://technet.microsoft.com/en-us/library/cc773360%28WS.10%29.aspx 

As far as impact to older machines You'll then need to deploy the Client Side Extensions (from the link provided above) to all "older" systems, so that they are able to interpret some of the new schema. Extensions can be found here: http://support.microsoft.com/kb/943729 

0

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New style of hardware planning for Microsoft Exchange server.
If you're a modern-day technology professional, you may be wondering if certifications are really necessary. They are. Here's why.
This Micro Tutorial will teach you how to the overview of Microsoft Security Essentials. This is a free anti-virus software that guards your PC against viruses, spyware, worms, and other malicious software. This will be demonstrated using Windows…
This Micro Tutorial will teach you how to change your appearance and customize your Windows 7 interface to your unique preference. This will be demonstrated using Windows 7 operating system.
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question