General discussion

Locked

Windows 2003 Default Domain Policy

By Sameh Fouad ·
By using the Default Domain Policy, how can I prevent users from accessing the control panel when they log on using their accounts while I (as an administrator) the only one who can access it using my account.

Thanks

This conversation is currently closed to new comments.

8 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by TyroneD In reply to Windows 2003 Default Doma ...

A group policy is split into two sections - machine and user. Because you're typing down a terminal session, you only want to apply policy setting to the user. The Group Policy is arranged in a tree system. You can expand different sections, which will show more policies for each section. To enable a policy, double click on the individual entry, then select the Enable option.

1. Open GPO (Group Policy Editor) GPO
2. Scroll to User COnfiguration; expand (+)
3. Scroll to Administrative Templates; expand (+)
4. Scroll to Control Panel; expand (+)
5. On your right, you'll see "Prohibit access to Control Panel" If it is disabled, double-click, enable it and your done!

Collapse -

by Sameh Fouad In reply to

Poster rated this answer.

Collapse -

by Sameh Fouad In reply to Windows 2003 Default Doma ...

I did that before I asked the question, but the problem is that the control panel became restricted even to me, that's why I asked you how to do on users and still I want to have it enabled for me.

Collapse -

by CG IT In reply to Windows 2003 Default Doma ...

the default domain policy is domain wide therefore it affects all accounts within the domain [which best practice is to not modify it. If there is a problem with a GPO you just remove it and the default domain then applies.] You can block policy inheritance for particular user groups but again, its better to create a GPO and then apply it to an OU. If you collect users you want to have the policy applied to into an OU you'll get the same results without having to use the block policy inheritance and modifing the default domain policy.

Collect domain users you want to have the GPO applied to into an OU and then apply it. OUs can be nested so planning out your OU structure is for the network is a prerequisite for GP.

Collapse -

by CG IT In reply to

there are many KB articles and some really good white papers on GP in the Microsoft Help and Support site for Windows Server 2003.

If your GPO is not applied to the OU container there could be different reasons for that. a block policy inheritance on the container, a no override, or the GPO isn't applied to a OU .

Here is one such KB http://support.microsoft.com/kb/885009/en-us

This is a link for MS white paper on GP using the GP mmc : http://support.microsoft.com/kb/818735/en-us

make sure the OU that you collect users into does not have block policy inheritance or the parent container does not block policy inheritance to child containers.

make sure that you log off and log on to refresh GP or use the refresh GP command at the command prompt. GP policies do not automatically take place and the GP default refresh interval is 90 minutes. [you didn't specify that you refreshed GP so that changes take place]

Collapse -

by Sameh Fouad In reply to

Poster rated this answer.

Collapse -

by Sameh Fouad In reply to Windows 2003 Default Doma ...

I am sorry, it seems that I wasn't clear, here is what I did, I created an OU, then created inside it a security group, added all the users that I want to restrict the control panel to them to this group, then I created a GPO to this OU, then in user config, admin. templates, control panel, I enabled "prohibit access to control panel", nothing happened.

Collapse -

by Sameh Fouad In reply to Windows 2003 Default Doma ...

This question was closed by the author

Back to Windows Forum
8 total posts (Page 1 of 1)  

Related Discussions

Related Forums