AD GPO to limit users permission on specific machines
I have requirement to setup a machine with the below configuration.
When a user login to machine user cannot add/delete any applications
user cannot add/delete/modify any files on the machine / desktop too.
I need help to setup same via gpo to specific machines not to user specific.
When a user login to machine user cannot add/delete any applications
user cannot add/delete/modify any files on the machine / desktop too.
I need help to setup same via gpo to specific machines not to user specific.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
When a user login to machine user cannot add/delete any applicationsDo not give administrative rights
user cannot add/delete/modify any files on the machine / desktop too.No builtin way to do this. You can use mandatory profiles to delete any changes upon logoff/restart. You could change the owner of desktop/documents etc. and set it as deny write.
ASKER
How can I disable add/delete/modify any files all the location except desktop.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
How can I disable add/delete/modify any files all the location except desktop.In general that is the experience you get as a normal user (except obviously other user folders such as documents)
ASKER
still i can create as normal user
Yes
ASKER
Thanks for your help.
ASKER
When a user login to machine user cannot add/delete any applications
user cannot add/delete/modify any files on the machine / desktop too.