Group Policy Questions

Posted on 2012-09-18
Last Modified: 2012-09-27

I have a bunch of servers including an 2008R2 Domain Controller, some Terminal Servers and about 60 users all using Windows XP to which i wish to setup GPO's for.

Currently all users have Power User rights manually selected in their XP machines, no GPO's are applied. I'd like to setup some GPO's now but need a little guidance.

1) Is is best to leave all the workstations with manually selected Power Users group?
2) Do i create one OU and GPO for all Workstations and another for say the Terminal Servers?

I wish all users to be able to install printers but no other software etc.

Question by:tmaster100
    LVL 16

    Accepted Solution

    I would start with creating an OU for servers, an OU for workstations.
    Then link and create GPO's for servers and same for workstations.  I would probably create a startup script for the server OU and also create a security group in AD for the people who needed to install printers.  For example, PrintInstallers=people who need to install printers.  Add that group to the power users group on startup.

    That's just an example, many ways to do it, but I would create an OU for the server and OU for workstations for sure.

    LVL 21

    Expert Comment

    Your first part of your question is confusing me.  I am not sure what you mean by Manually  select Power Users

    To your second question.
    I do recommend that you have a GPO linked to your workstation and one to your terminal server.

    Setting up two OU's to address this is the way togo.
    I cannot see you giving users Power User Rights to a server as you would to a workstation.
    LVL 16

    Expert Comment

    I have to agree also, I don't have any users in my domain or do I ever unless absolutely necessary give any user any rights above a regular user on a server.  I did have to give one user power user rights on a TS to be able to run quickbooks the way it's suppose to.

    Featured Post

    Better Security Awareness With Threat Intelligence

    See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

    Join & Write a Comment

    I was supporting a handful of Windows 2008 (non-R2) 2 node clusters with shared quorum disks. Some had SQL 2008 installed and some were just a vendor application that we supported. For the purposes of this article it doesn’t really matter which so w…
    Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
    This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
    This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now