General discussion

Locked

Group Policies and Security

By Steven Rosson ·
I am working for a small private school with a Windows 2000 server and about 20 computers (with Windows 2000.) I do not have much experience with Windows 2000 and have many questions, but this is the most important - I'll try to make this short and to the point.

Before the Windows 2000, we were peer-to-peer on Windows 9x/ME. I used .REG files to merge keys restricting user activity. (Teachers could run TEACHER.REG off their disk to disable security lockout keys.) After the upgrade, I am having some trouble getting the local securities configured. I know I should use the policies on the server but am somewhat confused as to how I can do this. I have read that security policies can not be done on a per-user or per-group basis without "tricking" Windows - I was hoping to stick to the standard and intended operation of Windows, as I am not advanced enough to go far beyond that.

The ultimate goal is to be able to have different local security restrictions applied to different groups.For example, students should not be able to browse to sites with potentially inappropriate content ratings, but teachers should be able to. Another is that local drives should be hidden from everyone except domain administrators. (I know how to do this with the local security policies but I feel this would take too long to configure on each computer.)

How can I effectively accomplish this? Would it still be prudent to merge .REG files when a user logs on? Is there a similar function for SECPOL files?

Details will be appreciated as, like I've said, I am relatively new to Windows 2000. Thank you in advance for your assistance.

This conversation is currently closed to new comments.

5 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Group Policies and Security

by Kinetechs In reply to Group Policies and Securi ...

You're smart trying to stay away from those filtering "tricks" for GPOs by applying security. You say that you're new to 2000...are you familiar with the structure of AD? The part that you'll be concerned with now would be Organizational Units (OUs). OUs are a way of creating a hierarchy of AD objects (I try not to call it "grouping" objects because that term is already used for Groups). You'll want to create an OU for each set of users that will need different settings. Now, separate create a GPO for each OU. No more REG files. Take a look at the following MS links for more info (remember to remove any spaces fro URL).

http://www.microsoft.com/technet/prodtechnol/ad/windows2000/maintain/gpo.asp

http://www.microsoft.com/technet/prodtechnol/ad/windows2000/maintain/adop7.asp

Cheers!
~Sean

*********************************************
NOTE - When closing your question, please
provide comments. - Thank you.
*********************************************

Collapse -

Group Policies and Security

by Steven Rosson In reply to Group Policies and Securi ...

But how do I actually ipmlement security once I have created the organizational units? Is there some type of policy file I can merge? Is it possible to accomplish what I want (having domain users/administrators log onto the same computer and have two different sets of restrictions) to do?

Collapse -

Group Policies and Security

by Joseph Moore In reply to Group Policies and Securi ...

Yes, you can apply Group Policy settings on an Organizational Unit level. So you put all of your teachers in a TEACHERS OU, and your students are in the STUDENTS OU.
You then modify the GP policy on the TEACHERS OU to let those OU members do whatever you want; the same goes for the STUDENTS OU (but in this case, you prevent the OU members from doing stuff).

Only put the user accounts in the OUs; don't put the computers use in the OUs.

GP is a big topic. Here is a link to a general GP paper that can start you to understanding them.
http://www.microsoft.com/windows2000/techinfo/howitworks/management/grouppolicyintro.asp
(please remove any spaces)

good luck

Collapse -

Group Policies and Security

by Steven Rosson In reply to Group Policies and Securi ...

Thanks, this is exactly what I was looking for. Thank you, zrabi, for also taking the time to answer.

Collapse -

Group Policies and Security

by Steven Rosson In reply to Group Policies and Securi ...

This question was closed by the author

Back to Networks Forum
5 total posts (Page 1 of 1)  

Related Discussions

Related Forums