+ Post New Thread
Results 1 to 5 of 5
Windows Thread, Computer lockdown policy in Technical; Hi Am building a brand new domain and was wondering how much everyone locks down their PCs. Anyone willing to ...
  1. #1

    Join Date
    Mar 2008
    Location
    Gloucestershire
    Posts
    32
    Thank Post
    2
    Thanked 2 Times in 2 Posts
    Rep Power
    13

    Computer lockdown policy

    Hi

    Am building a brand new domain and was wondering how much everyone locks down their PCs.
    Anyone willing to share their AD group policy settings for me to use as a starting point?

    Thanks

  2. #2

    Join Date
    Apr 2007
    Location
    London
    Posts
    235
    Thank Post
    6
    Thanked 2 Times in 2 Posts
    Rep Power
    16
    I used to use the Ranger lockdown policy as a template. A few things you might consider.

    Disable control panel, disable right click on desktop, disable command prompt.

    Ideally you want to give the users only the access they need to do what they need to do so for instance students would be restricted users. No install rights.
    Also, roaming profiles are a good idea purely because then they don't need any write access to the local machine as they save any work to their folder on the network, plus it's easier for backing up purposes.

    Sorry as I haven't had to do one of these in a while so can't remember everything, but hopefully that gives you a starting point.

  3. #3

    Join Date
    Dec 2011
    Location
    Bakersfield
    Posts
    14
    Thank Post
    4
    Thanked 4 Times in 3 Posts
    Rep Power
    6
    Least rights possible

  4. #4
    biz
    biz is offline
    biz's Avatar
    Join Date
    Jun 2012
    Location
    UK
    Posts
    6
    Thank Post
    3
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Roaming profiles are a good idea.

    For staff we restrict access to Add/Remove Programs, disable right click on the Start menu, turn off the Run button and not much else - what's the point?

  5. #5

    Join Date
    Jan 2012
    Posts
    170
    Thank Post
    8
    Thanked 16 Times in 15 Posts
    Rep Power
    37
    i would say folder redirection with offline files is a better idea these days than roaming profiles.

    admin rights for staff is probably not necessary these days, staff may throw their arms up - but overall AUP policies apply to them just as much as to those
    who you'd expect to lock down. I found it to have been a bugbear when nasties like confiker were still loitering around a network, all the work done to try and keep machines up to date undone by not having complexity requirements for domain passwords AND giving users with common passwords local admin rights. So why bother unless you desperately need those badly written scripts and apps that upset the applecart.

SHARE:
+ Post New Thread

Similar Threads

  1. Computer Group Policy
    By googlemad in forum Windows Server 2008 R2
    Replies: 0
    Last Post: 27th July 2011, 03:32 PM
  2. Local account lockdown policy
    By GoldenWonder in forum Windows 7
    Replies: 2
    Last Post: 27th September 2010, 02:26 PM
  3. Replies: 21
    Last Post: 11th July 2006, 07:37 PM
  4. Replies: 0
    Last Post: 23rd May 2006, 10:03 AM
  5. default computer policy problem
    By standunstan in forum Windows
    Replies: 24
    Last Post: 19th May 2006, 02:36 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •