Solved

GPO: no Computer's properties (and other common GPOs used in daily basis)

Posted on 2013-02-06
2
591 Views
Last Modified: 2013-02-07
Hi,

This is related to configuring the GPO for the Workstations in the enterprise environment. I saw in a company as the followings:

-      For a certain group of users; say it; user: “Sales” (around 30 workstations)
-      When “Sales” login to the workstation, she/he can see the “My Computer”
-      But When “Sales”, right-click “My Computer” and select “properties”, “Sales” cannot see or open the “Properties”

I Know how to create a GPO; for the above, i will do the followings:
-I create an OU (just called it "Transaction" OU)
- I will put all the "Sales" user in this Transaction OU
- Then, I will create the GPO and apply it to the Transaction OU
- If necessary, I will go to the workstation, and do gpupdate /force and gpresult


My Questions:
1) How to create the above GPO? (Please provide the Path)
2) What Kinds of USUAL or COMMON GPOs are usually used in DAILY basis at the production environment? (Please provide as many as you know)

Thank you

tjie
0
Comment
Question by:tjie
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 16

Accepted Solution

by:
ThinkPaper earned 500 total points
ID: 38862598
See:  http://www.kreslavsky.com/2009/10/block-access-to-my-computer-properties-menu-in-windows-7-and-vista.html

Navigate to User Configuration > Policies > Administrative Templates > Desktop
Double Click on “Remove Properties from the Computer icon context menu” and change it to “Enabled”

Regarding your second question, most of our workstation GPOs are to lock down workstations and IE  browser, from a security standpoint. That means disabling user installs, setting default screensaver w password timeouts, disabling games, locking down IE to prevent stuff from running if its malicious, all that stuff. WAY too many to list. It is advised that you look up some common best practices and defined settings such as NIST's guidelines.

http://web.nvd.nist.gov/view/ncp/repository
http://technet.microsoft.com/library/cc677002.aspx
0
 

Author Comment

by:tjie
ID: 38862667
To Experts: Please just provide the lists that you encountered in your daily experiences (if any); 3 or 4 are more than enough (Note: I do not need the lists which I can just google them).
Thanks
0

Featured Post

How Do You Stack Up Against Your Peers?

With today’s modern enterprise so dependent on digital infrastructures, the impact of major incidents has increased dramatically. Grab the report now to gain insight into how your organization ranks against your peers and learn best-in-class strategies to resolve incidents.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
A hard and fast method for reducing Active Directory Administrators members.
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question