I am working for a small private school with a Windows 2000 server and about 20 computers (with Windows 2000.) I do not have much experience with Windows 2000 and have many questions, but this is the most important – I’ll try to make this short and to the point.
Before the Windows 2000, we were peer-to-peer on Windows 9x/ME. I used .REG files to merge keys restricting user activity. (Teachers could run TEACHER.REG off their disk to disable security lockout keys.) After the upgrade, I am having some trouble getting the local securities configured. I know I should use the policies on the server but am somewhat confused as to how I can do this. I have read that security policies can not be done on a per-user or per-group basis without “tricking” Windows – I was hoping to stick to the standard and intended operation of Windows, as I am not advanced enough to go far beyond that.
The ultimate goal is to be able to have different local security restrictions applied to different groups.For example, students should not be able to browse to sites with potentially inappropriate content ratings, but teachers should be able to. Another is that local drives should be hidden from everyone except domain administrators. (I know how to do this with the local security policies but I feel this would take too long to configure on each computer.)
How can I effectively accomplish this? Would it still be prudent to merge .REG files when a user logs on? Is there a similar function for SECPOL files?
Details will be appreciated as, like I’ve said, I am relatively new to Windows 2000. Thank you in advance for your assistance.