Solved

GPO: no Computer's properties (and other common GPOs used in daily basis)

Posted on 2013-02-06
2
594 Views
Last Modified: 2013-02-07
Hi,

This is related to configuring the GPO for the Workstations in the enterprise environment. I saw in a company as the followings:

-      For a certain group of users; say it; user: “Sales” (around 30 workstations)
-      When “Sales” login to the workstation, she/he can see the “My Computer”
-      But When “Sales”, right-click “My Computer” and select “properties”, “Sales” cannot see or open the “Properties”

I Know how to create a GPO; for the above, i will do the followings:
-I create an OU (just called it "Transaction" OU)
- I will put all the "Sales" user in this Transaction OU
- Then, I will create the GPO and apply it to the Transaction OU
- If necessary, I will go to the workstation, and do gpupdate /force and gpresult


My Questions:
1) How to create the above GPO? (Please provide the Path)
2) What Kinds of USUAL or COMMON GPOs are usually used in DAILY basis at the production environment? (Please provide as many as you know)

Thank you

tjie
0
Comment
Question by:tjie
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 16

Accepted Solution

by:
ThinkPaper earned 500 total points
ID: 38862598
See:  http://www.kreslavsky.com/2009/10/block-access-to-my-computer-properties-menu-in-windows-7-and-vista.html

Navigate to User Configuration > Policies > Administrative Templates > Desktop
Double Click on “Remove Properties from the Computer icon context menu” and change it to “Enabled”

Regarding your second question, most of our workstation GPOs are to lock down workstations and IE  browser, from a security standpoint. That means disabling user installs, setting default screensaver w password timeouts, disabling games, locking down IE to prevent stuff from running if its malicious, all that stuff. WAY too many to list. It is advised that you look up some common best practices and defined settings such as NIST's guidelines.

http://web.nvd.nist.gov/view/ncp/repository
http://technet.microsoft.com/library/cc677002.aspx
0
 

Author Comment

by:tjie
ID: 38862667
To Experts: Please just provide the lists that you encountered in your daily experiences (if any); 3 or 4 are more than enough (Note: I do not need the lists which I can just google them).
Thanks
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question