Locking computers down so that users cannot change any set..

Archived from groups: microsoft.public.win2000.security (More info?)

I do not want my users to make any setting chages in the workstations. I
want there to be a standard and people cannot change desktop settings. I
need to know which OU policies I need to enable or disable to secure my
network.

Please Help! Thanks.
3 answers Last reply
More about locking computers users change
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    If you look in Group Policy under user configuration/administrative
    templates/desktop and configuration/administrative templates/start menu you
    will see a lot of options you can try. For the desktop settings note that
    they differ depending on if you are using Active Desktop or not. Other
    options may be to use mandatory user profiles or changing the users
    permissions to their desktop folder in their user profile under documents
    and settings so that they have only read/list/execute. Restricting Desktop
    settings alone, while it has it's merits, will not do much to secure your
    network For that you also need to configure strong password policy,
    restrict users to the users group if possible, apply the principle of least
    needed permissions to resources such as shares, have a firewall, antivirus
    protection, and take many other steps. If you have Windows XP Pro computers,
    you will find Software Restriction Policies very helpful in preventing users
    from installing or running unauthorized applications.The links below may be
    helpful. --- Steve

    http://support.microsoft.com/?kbid=323368 -- assigning mandatory profiles.
    http://www.microsoft.com/smallbusiness/gtm/securityguidance/hub.mspx --
    Microsoft Small Business Security Guidance.

    "Needy1" <Needy1@discussions.microsoft.com> wrote in message
    news:E2C52234-8FFC-4D13-AE79-F96EB2228E63@microsoft.com...
    >I do not want my users to make any setting chages in the workstations. I
    > want there to be a standard and people cannot change desktop settings. I
    > need to know which OU policies I need to enable or disable to secure my
    > network.
    >
    > Please Help! Thanks.
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    Steven,

    I'm not using profiles. I was wondering if I can do this in the Group
    Policies.

    "Steven L Umbach" wrote:

    > If you look in Group Policy under user configuration/administrative
    > templates/desktop and configuration/administrative templates/start menu you
    > will see a lot of options you can try. For the desktop settings note that
    > they differ depending on if you are using Active Desktop or not. Other
    > options may be to use mandatory user profiles or changing the users
    > permissions to their desktop folder in their user profile under documents
    > and settings so that they have only read/list/execute. Restricting Desktop
    > settings alone, while it has it's merits, will not do much to secure your
    > network For that you also need to configure strong password policy,
    > restrict users to the users group if possible, apply the principle of least
    > needed permissions to resources such as shares, have a firewall, antivirus
    > protection, and take many other steps. If you have Windows XP Pro computers,
    > you will find Software Restriction Policies very helpful in preventing users
    > from installing or running unauthorized applications.The links below may be
    > helpful. --- Steve
    >
    > http://support.microsoft.com/?kbid=323368 -- assigning mandatory profiles.
    > http://www.microsoft.com/smallbusiness/gtm/securityguidance/hub.mspx --
    > Microsoft Small Business Security Guidance.
    >
    > "Needy1" <Needy1@discussions.microsoft.com> wrote in message
    > news:E2C52234-8FFC-4D13-AE79-F96EB2228E63@microsoft.com...
    > >I do not want my users to make any setting chages in the workstations. I
    > > want there to be a standard and people cannot change desktop settings. I
    > > need to know which OU policies I need to enable or disable to secure my
    > > network.
    > >
    > > Please Help! Thanks.
    >
    >
    >
  3. Archived from groups: microsoft.public.win2000.security (More info?)

    Yes, you should have good success with Group Policy as I mentioned
    particularly in user configuration/administrative templates. However I don't
    believe you can totally lock the desktop using Group Policy. If you change
    the permissions to their desktop folder under documents and
    settings/%username% and make it so they only have read/list/execute
    permissions they will not be able to add or delete items from the desktop if
    used with Group Policy restrictions. The link below to Common Desktop
    Scenarios may be helpful. It is geared for Windows 2003 but should still
    work for those settings that apply to Windows 2000 computers. You can and
    should use the Group Policy Management Console in Windows 2000 as long as
    you have a Windows XP Pro computer on the domain that you can run it from.
    If you do that, be sure that computer is secured, ideally physically also,
    as you will need to logon to it as a domain administrator. --- Steve

    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/management/csws2003.mspx

    "Needy1" <Needy1@discussions.microsoft.com> wrote in message
    news:3C6E6D36-2D1D-440A-9AEA-CA85E4A00CDF@microsoft.com...
    > Steven,
    >
    > I'm not using profiles. I was wondering if I can do this in the Group
    > Policies.
    >
    > "Steven L Umbach" wrote:
    >
    >> If you look in Group Policy under user configuration/administrative
    >> templates/desktop and configuration/administrative templates/start menu
    >> you
    >> will see a lot of options you can try. For the desktop settings note that
    >> they differ depending on if you are using Active Desktop or not. Other
    >> options may be to use mandatory user profiles or changing the users
    >> permissions to their desktop folder in their user profile under documents
    >> and settings so that they have only read/list/execute. Restricting
    >> Desktop
    >> settings alone, while it has it's merits, will not do much to secure your
    >> network For that you also need to configure strong password policy,
    >> restrict users to the users group if possible, apply the principle of
    >> least
    >> needed permissions to resources such as shares, have a firewall,
    >> antivirus
    >> protection, and take many other steps. If you have Windows XP Pro
    >> computers,
    >> you will find Software Restriction Policies very helpful in preventing
    >> users
    >> from installing or running unauthorized applications.The links below may
    >> be
    >> helpful. --- Steve
    >>
    >> http://support.microsoft.com/?kbid=323368 -- assigning mandatory
    >> profiles.
    >> http://www.microsoft.com/smallbusiness/gtm/securityguidance/hub.mspx --
    >> Microsoft Small Business Security Guidance.
    >>
    >> "Needy1" <Needy1@discussions.microsoft.com> wrote in message
    >> news:E2C52234-8FFC-4D13-AE79-F96EB2228E63@microsoft.com...
    >> >I do not want my users to make any setting chages in the workstations.
    >> >I
    >> > want there to be a standard and people cannot change desktop settings.
    >> > I
    >> > need to know which OU policies I need to enable or disable to secure my
    >> > network.
    >> >
    >> > Please Help! Thanks.
    >>
    >>
    >>
Ask a new question

Read More

Computers Microsoft Windows