asked on

Restricted Domain Group Policy

Hi I want to create an OU where i want to put all stored computers, servers and users with doubts. Idea is to restrict these objects (both Computer as well as user) in the domain.

When any floor engineer would take out the system from store, the group policy will not allow the system to be used in domain until the inform the Domain Admins. Once the admin moves the system to right OU, the system is then becomes usable.

Same way, if we have any doubt about any user id, we would move the user id to a restricted OU, where the group policy would restrict the user to get in to domain until domain admin moves the id to correct OU.

How do we do it? I want a group policy/ policies which will do this job for us.

ASKER CERTIFIED SOLUTION

#AKS#

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

SOLUTION

#AKS#

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Tahir Qureshi

you can try this (Make sure you test these setting before you do on Prod Environment)

create a GPO called XYZ
edit the GPO
Computer COnfiguration > Windows Settings> "Local Policies"
click "User Rights Assignment" and double click "Allow log on locally" and add the following Groups (Administrator, Domain Admin)

Computer COnfiguration > Windows Settings> Security options > "Do not require CTRL+ALT+DEL" define the setting and disable it.

Shaun Vermaak

See my article on tier isolation.
https://www.experts-exchange.com/articles/29515/Active-Directory-Simple-Tier-Isolation.html