Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

GPO: no Computer's properties (and other common GPOs used in daily basis)

Posted on 2013-02-06
2
Medium Priority
?
595 Views
Last Modified: 2013-02-07
Hi,

This is related to configuring the GPO for the Workstations in the enterprise environment. I saw in a company as the followings:

-      For a certain group of users; say it; user: “Sales” (around 30 workstations)
-      When “Sales” login to the workstation, she/he can see the “My Computer”
-      But When “Sales”, right-click “My Computer” and select “properties”, “Sales” cannot see or open the “Properties”

I Know how to create a GPO; for the above, i will do the followings:
-I create an OU (just called it "Transaction" OU)
- I will put all the "Sales" user in this Transaction OU
- Then, I will create the GPO and apply it to the Transaction OU
- If necessary, I will go to the workstation, and do gpupdate /force and gpresult


My Questions:
1) How to create the above GPO? (Please provide the Path)
2) What Kinds of USUAL or COMMON GPOs are usually used in DAILY basis at the production environment? (Please provide as many as you know)

Thank you

tjie
0
Comment
Question by:tjie
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 16

Accepted Solution

by:
ThinkPaper earned 2000 total points
ID: 38862598
See:  http://www.kreslavsky.com/2009/10/block-access-to-my-computer-properties-menu-in-windows-7-and-vista.html

Navigate to User Configuration > Policies > Administrative Templates > Desktop
Double Click on “Remove Properties from the Computer icon context menu” and change it to “Enabled”

Regarding your second question, most of our workstation GPOs are to lock down workstations and IE  browser, from a security standpoint. That means disabling user installs, setting default screensaver w password timeouts, disabling games, locking down IE to prevent stuff from running if its malicious, all that stuff. WAY too many to list. It is advised that you look up some common best practices and defined settings such as NIST's guidelines.

http://web.nvd.nist.gov/view/ncp/repository
http://technet.microsoft.com/library/cc677002.aspx
0
 

Author Comment

by:tjie
ID: 38862667
To Experts: Please just provide the lists that you encountered in your daily experiences (if any); 3 or 4 are more than enough (Note: I do not need the lists which I can just google them).
Thanks
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question