Group Policy questions

Hello All,

I'm trying to restructure my company's group policies.

I have a very basic idea of how to set these policies, but I'm stuck on a few things and I was wondering if this forum could fill in the gaps.

Basically I have 2 drives on our server, C: and F:.

C: holds all of our programs and OS
F: holds most of our shared info.

Now, I didn't deploy this server or I would have separated the OS from everything.

So basically we have 3-4 users that need access to all the drives, which is fine (they're the owners and me).

All users need access to a program that does our database (vistrax, pps, etc.). Basically users will be saving files, modifying them, etc. I've tried hiding drives, disabling My Computer, etc., which keeps most of our users out of the C: drive.

I have a few users that need access to My Computer to use their mapped drives or access certain folders on C: like payroll, HR, etc.

My fear is one of these employees deleting something critical. Some users have already deleted files they shouldn't have.

So here is the question. Is there a way to maybe link certain folders for employees to see on their desktop without having to go through My Computer? An example: C:\HR.

While doing that, can I restrict them from viewing and creating problems in the C: drive?

What about them getting to their mapped drives?

I'm new to this. I was sort of thrown into this role =)

Also, is there a way to keep tabs on what web sites people are visiting? Like a free program or script?

  1. It can be messy but it can be done.

    Create AD group or Local Groups (I prefer AD groups). From there, remove rights from the folders/programs for everyone and restrict it to the AD group. Add members to their respective AD group to get permission to run those apps, or access certain folders.

    Instead of having "localserver\Users" having modify or execute rights, remove Users. Add in your group, "servername-AppName" and give them read/modify/execute rights. Only users in that group would have access to that application.

    Use the same process for restricting folders.
  2. OK, I sort of understand. How do I get to choose what program to run in an AD GPO?

    Right now I have three basic rooms I'm testing

    IS (me)

    Let's say I want all employees to have access to the web, vistrax, Microsoft programs and F:\Shared and F:\Tree.

    Supervisors will have access to HR and Payroll on C:\ (C:\hr and C:\payroll).

    IS, well, I want that open and I know how to do that.

    Like I said, I don't want any normal employee to be able to delete any file, but I do want supervisors to be able to clean up the shared and tree files. All users will be adding and modifying files in the directories.
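
The group-based NTFS permissions from reply 1, applied to the folders named in the thread, as an added example that is not part of any poster's message. The domain `CONTOSO` and the two group names are hypothetical placeholders; the script grants employees add/modify without delete, gives supervisors Modify, then lists any entry that still lets someone else delete.

```powershell
# Added example. Domain and group names are hypothetical; paths are from the thread.
$emp = 'CONTOSO\FILESRV-Employees'      # hypothetical AD group: all staff
$sup = 'CONTOSO\FILESRV-Supervisors'    # hypothetical AD group: supervisors
$ops = 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM'

# icacls rights: (RX,W) = read, run, create and overwrite, with no Delete.
# M (Modify) = the same plus Delete. $null = no entry, so no access at all.
$plan = @(
    [pscustomobject]@{ Path = 'F:\Shared';  Employees = '(RX,W)'; Supervisors = 'M' }
    [pscustomobject]@{ Path = 'F:\Tree';    Employees = '(RX,W)'; Supervisors = 'M' }
    [pscustomobject]@{ Path = 'C:\HR';      Employees = $null;    Supervisors = 'M' }
    [pscustomobject]@{ Path = 'C:\Payroll'; Employees = $null;    Supervisors = 'M' }
)

foreach ($f in $plan) {
    # Grant first, so the folder is never left without an administrative entry.
    foreach ($id in $ops) { icacls $f.Path /grant:r "${id}:(OI)(CI)F" | Out-Null }
    icacls $f.Path /grant:r "${sup}:(OI)(CI)$($f.Supervisors)" | Out-Null
    if ($f.Employees) {
        icacls $f.Path /grant:r "${emp}:(OI)(CI)$($f.Employees)" | Out-Null
    }
    # Drop inherited entries, then any explicit broad grants, as reply 1 suggests.
    icacls $f.Path /inheritance:r | Out-Null
    foreach ($id in 'BUILTIN\Users', 'Everyone') {
        icacls $f.Path /remove:g $id | Out-Null
    }
}

# Audit: report every Allow entry, on the folders and everything below them,
# that carries a delete right for an identity other than supervisors or admins.
function Get-UnexpectedDelete {
    param([string[]]$Path)
    $bits = [int][System.Security.AccessControl.FileSystemRights]'Delete, DeleteSubdirectoriesAndFiles'
    $ok   = @($sup) + $ops
    foreach ($item in @(Get-Item $Path) + @(Get-ChildItem $Path -Recurse -Force)) {
        foreach ($ace in (Get-Acl -LiteralPath $item.FullName).Access) {
            if ($ace.AccessControlType -eq 'Allow' -and
                ([int]$ace.FileSystemRights -band $bits) -and
                $ok -notcontains $ace.IdentityReference.Value) {
                [pscustomobject]@{ Path     = $item.FullName
                                   Identity = $ace.IdentityReference.Value
                                   Rights   = $ace.FileSystemRights }
            }
        }
    }
}
Get-UnexpectedDelete -Path $plan.Path
```

Run it from an elevated PowerShell session on the file server. Some applications save by writing a temporary file and then deleting or renaming the original, which fails without Delete, so test saving as an employee account before rolling this out.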

