+ Post New Thread
Results 1 to 9 of 9
Windows Server 2008 R2 Thread, Group Policy verbiage in Technical; I know it's not exactly windows server 2008 r2, but I'm rather sure the group policy management is the same. ...
  1. #1

    Join Date
    Mar 2012
    Location
    US
    Posts
    56
    Thank Post
    5
    Thanked 3 Times in 3 Posts
    Rep Power
    6

    Group Policy verbiage

    I know it's not exactly windows server 2008 r2, but I'm rather sure the group policy management is the same.

    I'm on a windows small biz server making a group policy, and my question is under security filtering it has Name: Authenticated users, and then the list of computers I added. The group policy is to disable control panel access, and I'd like to know if I implement this will it hit all authorized users or just the computers I specified. I know it's a bit of a silly question, but I'm doing this in production and would rather posted a dumb question than disable control panel on my client's entire network.
    Attached Images Attached Images

  2. #2

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,271
    Thank Post
    884
    Thanked 2,749 Times in 2,322 Posts
    Blog Entries
    11
    Rep Power
    785
    It'll kill it for all users, you want to put the users in question in a new sub OU and apply the gpo to that or (not as good) remove auth users from the perms you posted.

  3. Thanks to SYNACK from:

    rslulz (30th March 2012)

  4. #3

    Join Date
    Mar 2012
    Location
    US
    Posts
    56
    Thank Post
    5
    Thanked 3 Times in 3 Posts
    Rep Power
    6
    I figured that was the case, but wanted to be sure so after removing auth users it would just hit the specified machines/users I have designated?

    Thank you Synack for your quick response!

  5. #4

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,271
    Thank Post
    884
    Thanked 2,749 Times in 2,322 Posts
    Blog Entries
    11
    Rep Power
    785
    Is it a peruser or percomputer policy, you should apply to users or computers, there is also a time penalty for using perms to filter GPOs instead of OUs.

  6. Thanks to SYNACK from:

    rslulz (30th March 2012)

  7. #5

    Join Date
    Mar 2012
    Location
    US
    Posts
    56
    Thank Post
    5
    Thanked 3 Times in 3 Posts
    Rep Power
    6
    I'd like to disable it via the computer level, but I'm thinking it would be better to do it via user. End goal is to not allow control panel or admin rights on six machines on the production floor, and disable internet access (I did that via dhcp by breaking the router in a reservation attached to their mac address)

  8. #6

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,271
    Thank Post
    884
    Thanked 2,749 Times in 2,322 Posts
    Blog Entries
    11
    Rep Power
    785
    Two seporate policies, one for machines, one of users each applied to an ou containing the users or computers. User one blocks it for those users everywhere. Per machine blocks it for all users on that machine.

    If you want it just for those users, only on those machines you may need to use loopback policy processing or rethink your objective.

  9. #7

    Join Date
    Mar 2012
    Location
    US
    Posts
    56
    Thank Post
    5
    Thanked 3 Times in 3 Posts
    Rep Power
    6
    I'll just set it to the computer level thank you very much for your help Synack!

  10. #8

    Join Date
    Mar 2012
    Location
    US
    Posts
    56
    Thank Post
    5
    Thanked 3 Times in 3 Posts
    Rep Power
    6
    Synack after thinking about it I'd need to be able to log in with my admin account and access control panel. So after all looks like I'm going username route.

  11. #9

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,271
    Thank Post
    884
    Thanked 2,749 Times in 2,322 Posts
    Blog Entries
    11
    Rep Power
    785
    Quote Originally Posted by rslulz View Post
    Synack after thinking about it I'd need to be able to log in with my admin account and access control panel. So after all looks like I'm going username route.
    Yeap, thats probably the easiest way to handle it.



SHARE:
+ Post New Thread

Similar Threads

  1. .Net Trust Level by Group Policy
    By daverage in forum Wireless Networks
    Replies: 0
    Last Post: 31st January 2006, 12:10 PM
  2. Trusted Sites via Group Policies?
    By mullet_man in forum Wireless Networks
    Replies: 5
    Last Post: 12th January 2006, 03:42 PM
  3. Sort By Name Group Policy
    By mattpant in forum Wireless Networks
    Replies: 6
    Last Post: 16th November 2005, 03:59 PM
  4. Blocking Batch Files using Group Policy in Server 2003
    By markwilliamson2001 in forum Windows
    Replies: 13
    Last Post: 4th October 2005, 06:28 PM
  5. Group Policy Settings Examples
    By mattpant in forum Wireless Networks
    Replies: 20
    Last Post: 18th September 2005, 12:12 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •