Solved

GPO: no Computer's properties (and other common GPOs used in daily basis)

Posted on 2013-02-06
2
586 Views
Last Modified: 2013-02-07
Hi,

This is related to configuring the GPO for the Workstations in the enterprise environment. I saw in a company as the followings:

-      For a certain group of users; say it; user: “Sales” (around 30 workstations)
-      When “Sales” login to the workstation, she/he can see the “My Computer”
-      But When “Sales”, right-click “My Computer” and select “properties”, “Sales” cannot see or open the “Properties”

I Know how to create a GPO; for the above, i will do the followings:
-I create an OU (just called it "Transaction" OU)
- I will put all the "Sales" user in this Transaction OU
- Then, I will create the GPO and apply it to the Transaction OU
- If necessary, I will go to the workstation, and do gpupdate /force and gpresult


My Questions:
1) How to create the above GPO? (Please provide the Path)
2) What Kinds of USUAL or COMMON GPOs are usually used in DAILY basis at the production environment? (Please provide as many as you know)

Thank you

tjie
0
Comment
Question by:tjie
2 Comments
 
LVL 16

Accepted Solution

by:
ThinkPaper earned 500 total points
ID: 38862598
See:  http://www.kreslavsky.com/2009/10/block-access-to-my-computer-properties-menu-in-windows-7-and-vista.html

Navigate to User Configuration > Policies > Administrative Templates > Desktop
Double Click on “Remove Properties from the Computer icon context menu” and change it to “Enabled”

Regarding your second question, most of our workstation GPOs are to lock down workstations and IE  browser, from a security standpoint. That means disabling user installs, setting default screensaver w password timeouts, disabling games, locking down IE to prevent stuff from running if its malicious, all that stuff. WAY too many to list. It is advised that you look up some common best practices and defined settings such as NIST's guidelines.

http://web.nvd.nist.gov/view/ncp/repository
http://technet.microsoft.com/library/cc677002.aspx
0
 

Author Comment

by:tjie
ID: 38862667
To Experts: Please just provide the lists that you encountered in your daily experiences (if any); 3 or 4 are more than enough (Note: I do not need the lists which I can just google them).
Thanks
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A procedure for exporting installed hotfix details of remote computers using powershell
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question