Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

GPO: no Computer's properties (and other common GPOs used in daily basis)

Posted on 2013-02-06
2
587 Views
Last Modified: 2013-02-07
Hi,

This is related to configuring the GPO for the Workstations in the enterprise environment. I saw in a company as the followings:

-      For a certain group of users; say it; user: “Sales” (around 30 workstations)
-      When “Sales” login to the workstation, she/he can see the “My Computer”
-      But When “Sales”, right-click “My Computer” and select “properties”, “Sales” cannot see or open the “Properties”

I Know how to create a GPO; for the above, i will do the followings:
-I create an OU (just called it "Transaction" OU)
- I will put all the "Sales" user in this Transaction OU
- Then, I will create the GPO and apply it to the Transaction OU
- If necessary, I will go to the workstation, and do gpupdate /force and gpresult


My Questions:
1) How to create the above GPO? (Please provide the Path)
2) What Kinds of USUAL or COMMON GPOs are usually used in DAILY basis at the production environment? (Please provide as many as you know)

Thank you

tjie
0
Comment
Question by:tjie
2 Comments
 
LVL 16

Accepted Solution

by:
ThinkPaper earned 500 total points
ID: 38862598
See:  http://www.kreslavsky.com/2009/10/block-access-to-my-computer-properties-menu-in-windows-7-and-vista.html

Navigate to User Configuration > Policies > Administrative Templates > Desktop
Double Click on “Remove Properties from the Computer icon context menu” and change it to “Enabled”

Regarding your second question, most of our workstation GPOs are to lock down workstations and IE  browser, from a security standpoint. That means disabling user installs, setting default screensaver w password timeouts, disabling games, locking down IE to prevent stuff from running if its malicious, all that stuff. WAY too many to list. It is advised that you look up some common best practices and defined settings such as NIST's guidelines.

http://web.nvd.nist.gov/view/ncp/repository
http://technet.microsoft.com/library/cc677002.aspx
0
 

Author Comment

by:tjie
ID: 38862667
To Experts: Please just provide the lists that you encountered in your daily experiences (if any); 3 or 4 are more than enough (Note: I do not need the lists which I can just google them).
Thanks
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question