I have to lock down 30 pc's with windows 2000 professional. Has anybody use gpedit? I want the policy to only be local to the workstation. Does not need to communicate to active directory or server, just local. My desire setup is just to have 2 applications on the desktop that's all. Bascially there will be only two accoutns administrator and user with policy settings. Sounds easy but mostly the documentation refers to group policy with AD. Does anybody have links or good configs to give, thanks.
Windows 2000 Group Policy
- Thread starter UNIX72
- Start date
I've done a similiar thing in the past with both NT4 and Win2000 pro. What I did was build a default profile. And then use the registry and NTFS perms to allow specific apps. Look at Windows 2000 FAQ and Jsi Inc for registry specific settings.
Grab one of them and create a Security template via MMC to your satisfaction, and then import that template on the all the workstations.
Good luck!
Good luck!
If you have an Active Directory set up, you should use it to push the policy to the machines. It's not more complicated, it's actually easier. If you can, you should make the policy affect users, and not computers. There are cases where the computer needs to be locked down, but remember, computer/machine policy will affect the administrator as well. There is nothing worse than logging on as an Admin and discovering you cannot troubleshoot the box because it has been locked down.
My advice would be to place all of the users you want to affect into an OU, and then apply the policy to that OU. It's very simple stuff. As far as the different settings, why not just browse slowly though the policies and decide what is appropriate. That's how I learned them.
My advice would be to place all of the users you want to affect into an OU, and then apply the policy to that OU. It's very simple stuff. As far as the different settings, why not just browse slowly though the policies and decide what is appropriate. That's how I learned them.
Absolutely use GPOs, all these are USER policies anyway. Make sure that the Admins are not in the OU you link the policy to, or make sure that the Admins are DENIED APPLY in the ACL for the GPO. Local policies won't work as you want them to.
I assumed that you do have an AD available.
--Woodie
I assumed that you do have an AD available.
--Woodie
SaigonK
Diamond Member
What they said! 
Use AD, using the global editior on each desktop will apply all settings to ALL users, admin or no....
That is where you see the most issues, if you do not use AD then you have to do a ton of work to get it all right, using AD it is much easier.
Use AD, using the global editior on each desktop will apply all settings to ALL users, admin or no....
That is where you see the most issues, if you do not use AD then you have to do a ton of work to get it all right, using AD it is much easier.
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes Discussion Threads
- Started by Tigerick
- Replies: 21K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 23K
-
-
Facebook
Twitter