• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Windows 2000 Group Policy

U

UNIX72

Member
I have to lock down 30 pc's with windows 2000 professional. Has anybody use gpedit? I want the policy to only be local to the workstation. Does not need to communicate to active directory or server, just local. My desire setup is just to have 2 applications on the desktop that's all. Bascially there will be only two accoutns administrator and user with policy settings. Sounds easy but mostly the documentation refers to group policy with AD. Does anybody have links or good configs to give, thanks.
 
I've done a similiar thing in the past with both NT4 and Win2000 pro. What I did was build a default profile. And then use the registry and NTFS perms to allow specific apps. Look at Windows 2000 FAQ and Jsi Inc for registry specific settings.
 
Grab one of them and create a Security template via MMC to your satisfaction, and then import that template on the all the workstations.

Good luck!
 
If you have an Active Directory set up, you should use it to push the policy to the machines. It's not more complicated, it's actually easier. If you can, you should make the policy affect users, and not computers. There are cases where the computer needs to be locked down, but remember, computer/machine policy will affect the administrator as well. There is nothing worse than logging on as an Admin and discovering you cannot troubleshoot the box because it has been locked down.

My advice would be to place all of the users you want to affect into an OU, and then apply the policy to that OU. It's very simple stuff. As far as the different settings, why not just browse slowly though the policies and decide what is appropriate. That's how I learned them.
 
Absolutely use GPOs, all these are USER policies anyway. Make sure that the Admins are not in the OU you link the policy to, or make sure that the Admins are DENIED APPLY in the ACL for the GPO. Local policies won't work as you want them to.

I assumed that you do have an AD available.

--Woodie
 
What they said! 🙂
Use AD, using the global editior on each desktop will apply all settings to ALL users, admin or no....
That is where you see the most issues, if you do not use AD then you have to do a ton of work to get it all right, using AD it is much easier.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top