Administering a network such as Windows 2000 Server requires a heavy emphasis on preventing users from getting into trouble, either by making changes to their systems or access resources for which they have no authority. Group policy (discussed last week) can help you take control over user changes and avoid many of these problems before they start.
Here are important group policy changes you should consider making to improve user change control:
- Prevent users from changing the path to My Documents. Do this when you need to ensure that users' documents are redirected to a network share for backup purposes.
- Disable the Control Panel. Do this to prevent users from making changes to their computers' configurations. For example, you can block display or screensaver changes, network settings changes, the entire Control Panel, or only specific applets.
- Disable floppy and CD-ROM drives. Hiding and disabling these drives can prevent users from introducing viruses or unauthorized software onto their computers and thereby exposing the network to infection and compromise.
- Disable the command console. This prevents users from executing commands.
- Disable access to the Registry Editor. This prevents users from making manual changes to registry settings.
These are just some of the important security steps you should take to safeguard your client computers and network through group policy in Windows 2000 Server. Take the time to carefully evaluate the potential risks to your network and identify the policies that will help you mitigate those risks.
Miss a tip?
Check out the Windows 2000 Server Archive, and catch up on the most recent tips from this newsletter.
Want more Win2K tips and tricks? Automatically sign up for our free Windows 2000 Server newsletter, delivered each Tuesday!