Solved

Computer Lockdown

Posted on 2011-03-19
Last Modified: 2012-05-11
Computer on a DOMAIN (Windows Server 2003)
Computer has Windows 7 installed
Computer needs to be locked down, but some GPOs don't exist on DOMAIN
Computer would like to use LOCAL GPOs but our DOMAIN OU overrides local
Computer needs to have USER specific lockdown so when I log on as Domain Admin the LOCAL GPO isn't applied.

Thanks

Also, is there a good policy kicking around somewhere with almost full lockdown, used for just basic browsing?
0
Question by:kpltechgroup
9 Comments
 
LVL 3

Expert Comment

by:ServerGuyScott
ID: 35172280
You can manage Windows 7 clients from a 2003 domain.

Great post on how to do it here: http://social.technet.microsoft.com/Forums/en-IE/winservermanager/thread/0bc09f58-983d-4e6f-8033-9ef59f8b8a9d 
0
 
LVL 5

Author Comment

by:kpltechgroup
ID: 35172283
I have access to the server but really don't want to mess anything up. Will this add the policies to the 2003 domain?
0
 
LVL 5

Author Comment

by:kpltechgroup
ID: 35172287
How do I populate the group policies over to Windows 2003? Copy them from a Windows 2008 R2 server?
0
LVL 3

Expert Comment

by:ServerGuyScott
ID: 35172294
Yes, that will allow you to manage everything from the domain (the best way to do it if you are talking about several Windows 7 machines).

Your best bet if you don't want to involve the domain controller is to make the users just regular users on the systems and set all of your "lock down" settings via the local security policy.

If you don't want site, domain, or OU policies to apply you'd have to block the GPO inheritance on the clients in Active Directory.
0
 
LVL 3

Expert Comment

by:ServerGuyScott
ID: 35172300
Windows 7 and Windows 2008 R2 support enhancements that can be configured through Group Policy settings, and those settings are supported by domain controllers running Windows Server 2008 R2. To support these enhancements for an Active Directory service environment consisting of domain controllers running Windows Server 2003 or Windows Server 2003 R2, the Active Directory schema must be extended.
0
 
LVL 5

Author Comment

by:kpltechgroup
ID: 35172325
Why am I blocking GPO inheritance? Would this affect the computers currently on the domain?
0
 
LVL 5

Author Comment

by:kpltechgroup
ID: 35172329
Oh, never mind, reread. Sounds good. OK, I'll try populating the Windows 2k3 server.

I'll post if I have any errors/questions.
0
 
LVL 5

Author Comment

by:kpltechgroup
ID: 35172445
OK, so I've copied over the ADMX but don't know what to do next, the schemas part. Also, will this do anything to my current GPO settings? I mean, if I have a bunch of settings already configged for my XP machines, will this affect them? How do I make Active Directory see the ADMX files?
0
 
LVL 3

Accepted Solution

by:
ServerGuyScott earned 2000 total points
ID: 35172667
To extend the schema, review this info: http://technet.microsoft.com/en-us/library/cc773360%28WS.10%29.aspx

As far as impact to older machines, you'll then need to deploy the Client Side Extensions (from the link provided above) to all "older" systems, so that they are able to interpret some of the new schema. Extensions can be found here: http://support.microsoft.com/kb/943729

0

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We asked our MSP customer base what their favorite tools were and how they help them serve clients. We focused our questions on favorite tools in the following categories: >PSA tools >RMM tools >Alert management tools >Communication tools and Mo…
How many times a day do you open, acknowledge, or close an IT incident? What’s your process? Do you have a process depending on the incident, systems involved, and other factors? New Relic Alerts gives you options for how you interact with notifica…
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
Suggested Courses
Course of the Month13 days, 20 hours left to enroll

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question