Sign-in / Sign-up
Your question

Locking computers down so that users cannot change any set..

Tags:
  • Computers
  • Microsoft
  • Windows
Last response: in Windows 2000/NT
Anonymous
October 29, 2004 7:20:01 PM

Archived from groups: microsoft.public.win2000.security (More info?)

I do not want my users to make any setting chages in the workstations. I
want there to be a standard and people cannot change desktop settings. I
need to know which OU policies I need to enable or disable to secure my
network.

Please Help! Thanks.

More about : locking computers users change set

Anonymous
October 30, 2004 2:54:04 AM

Archived from groups: microsoft.public.win2000.security (More info?)

If you look in Group Policy under user configuration/administrative
templates/desktop and configuration/administrative templates/start menu you
will see a lot of options you can try. For the desktop settings note that
they differ depending on if you are using Active Desktop or not. Other
options may be to use mandatory user profiles or changing the users
permissions to their desktop folder in their user profile under documents
and settings so that they have only read/list/execute. Restricting Desktop
settings alone, while it has it's merits, will not do much to secure your
network For that you also need to configure strong password policy,
restrict users to the users group if possible, apply the principle of least
needed permissions to resources such as shares, have a firewall, antivirus
protection, and take many other steps. If you have Windows XP Pro computers,
you will find Software Restriction Policies very helpful in preventing users
from installing or running unauthorized applications.The links below may be
helpful. --- Steve

http://support.microsoft.com/?kbid=323368 -- assigning mandatory profiles.
http://www.microsoft.com/smallbusiness/gtm/securityguid... --
Microsoft Small Business Security Guidance.

"Needy1" <Needy1@discussions.microsoft.com> wrote in message
news:E2C52234-8FFC-4D13-AE79-F96EB2228E63@microsoft.com...
>I do not want my users to make any setting chages in the workstations. I
> want there to be a standard and people cannot change desktop settings. I
> need to know which OU policies I need to enable or disable to secure my
> network.
>
> Please Help! Thanks.
Anonymous
November 5, 2004 6:38:02 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Steven,

I'm not using profiles. I was wondering if I can do this in the Group
Policies.

"Steven L Umbach" wrote:

> If you look in Group Policy under user configuration/administrative
> templates/desktop and configuration/administrative templates/start menu you
> will see a lot of options you can try. For the desktop settings note that
> they differ depending on if you are using Active Desktop or not. Other
> options may be to use mandatory user profiles or changing the users
> permissions to their desktop folder in their user profile under documents
> and settings so that they have only read/list/execute. Restricting Desktop
> settings alone, while it has it's merits, will not do much to secure your
> network For that you also need to configure strong password policy,
> restrict users to the users group if possible, apply the principle of least
> needed permissions to resources such as shares, have a firewall, antivirus
> protection, and take many other steps. If you have Windows XP Pro computers,
> you will find Software Restriction Policies very helpful in preventing users
> from installing or running unauthorized applications.The links below may be
> helpful. --- Steve
>
> http://support.microsoft.com/?kbid=323368 -- assigning mandatory profiles.
> http://www.microsoft.com/smallbusiness/gtm/securityguid... --
> Microsoft Small Business Security Guidance.
>
> "Needy1" <Needy1@discussions.microsoft.com> wrote in message
> news:E2C52234-8FFC-4D13-AE79-F96EB2228E63@microsoft.com...
> >I do not want my users to make any setting chages in the workstations. I
> > want there to be a standard and people cannot change desktop settings. I
> > need to know which OU policies I need to enable or disable to secure my
> > network.
> >
> > Please Help! Thanks.
>
>
>
Anonymous
November 6, 2004 2:56:44 AM

Archived from groups: microsoft.public.win2000.security (More info?)

Yes, you should have good success with Group Policy as I mentioned
particularly in user configuration/administrative templates. However I don't
believe you can totally lock the desktop using Group Policy. If you change
the permissions to their desktop folder under documents and
settings/%username% and make it so they only have read/list/execute
permissions they will not be able to add or delete items from the desktop if
used with Group Policy restrictions. The link below to Common Desktop
Scenarios may be helpful. It is geared for Windows 2003 but should still
work for those settings that apply to Windows 2000 computers. You can and
should use the Group Policy Management Console in Windows 2000 as long as
you have a Windows XP Pro computer on the domain that you can run it from.
If you do that, be sure that computer is secured, ideally physically also,
as you will need to logon to it as a domain administrator. --- Steve

http://www.microsoft.com/technet/prodtechnol/windowsser...

"Needy1" <Needy1@discussions.microsoft.com> wrote in message
news:3C6E6D36-2D1D-440A-9AEA-CA85E4A00CDF@microsoft.com...
> Steven,
>
> I'm not using profiles. I was wondering if I can do this in the Group
> Policies.
>
> "Steven L Umbach" wrote:
>
>> If you look in Group Policy under user configuration/administrative
>> templates/desktop and configuration/administrative templates/start menu
>> you
>> will see a lot of options you can try. For the desktop settings note that
>> they differ depending on if you are using Active Desktop or not. Other
>> options may be to use mandatory user profiles or changing the users
>> permissions to their desktop folder in their user profile under documents
>> and settings so that they have only read/list/execute. Restricting
>> Desktop
>> settings alone, while it has it's merits, will not do much to secure your
>> network For that you also need to configure strong password policy,
>> restrict users to the users group if possible, apply the principle of
>> least
>> needed permissions to resources such as shares, have a firewall,
>> antivirus
>> protection, and take many other steps. If you have Windows XP Pro
>> computers,
>> you will find Software Restriction Policies very helpful in preventing
>> users
>> from installing or running unauthorized applications.The links below may
>> be
>> helpful. --- Steve
>>
>> http://support.microsoft.com/?kbid=323368 -- assigning mandatory
>> profiles.
>> http://www.microsoft.com/smallbusiness/gtm/securityguid... --
>> Microsoft Small Business Security Guidance.
>>
>> "Needy1" <Needy1@discussions.microsoft.com> wrote in message
>> news:E2C52234-8FFC-4D13-AE79-F96EB2228E63@microsoft.com...
>> >I do not want my users to make any setting chages in the workstations.
>> >I
>> > want there to be a standard and people cannot change desktop settings.
>> > I
>> > need to know which OU policies I need to enable or disable to secure my
>> > network.
>> >
>> > Please Help! Thanks.
>>
>>
>>