Add a Group Policy to a specified user

[kkullot]

I am trying to create a Group Policy for a specific user and when I try to do this the Group Policy is setting it for all users except the ones I distinguish.

Here the lowdown: We have public users come in and use a few computers and have access to certain programs. What I want to do to those PC's is create a GP that will only allow them to use those programs and those programs only. They shouldn't have access to the internet and extra stuff. These computers are on the network. What do I need to do in order for this user to be locked down? I don't want to set up each PC individually. We exchange the computers every year.

thanks

 

[captaincrunch00]

Put the user or the computer in an Organizational Unit (OU), block inheritance with the default GPO and create a new Group Policy just for that OU that blocks Internet usage, allows only certain programs, or whatever else you want to do.

 

[kkullot]

I am using AD. Just to let you know.

 

[kkullot]

What I did was create an OU under the DC. Then created another OU under the other OU and named it Group Policy that way when I create other group policies I will put all of them into that OU. From there I am kinda lost. I've tried a few things but to no avail. Is this okay to do or is it all wrong.

 

[captaincrunch00]

What you should do is have one top level OU for your domain. Set the domain group policy on that OU to have things like Password length and retention and whatnot that everyone should have.

Then create seperate OUs within that such as "Marketing" or "Sales" or "IT" or whatever you have. Create GPOs for them, or if they all have the same needs, just create one for all of them.

Sort the users and computers in there, then create another OU within one of those named something like "No Internet" or something.

Then go to the group policy manager, and create and link a brand new Policy to the "No Internet" OU. Make that (and only that GPO) have your requirements like No internet access, not able to right click, not able to go to control panel, not able to go to task manager, no run menu... Whatever you want.

Here's a txt layout of my domain:

Domain - Domain GPO linked
+ Branch 1
+ Branch 2
+ Branch 3
+ No Internet - No Internet GPO linked to this OU
+ Branch 4
+ Branch 5


I hope that makes some sense.

 

[kkullot]

This is what mine looks like so far. Am I on the right track?

Active Directory Users and Computers
-DC
-OU#1
- Group Policy
- PublicTerminal
- Groups
- Users
- OU#2

 

[captaincrunch00]

Your OU is called Group Policy? or is your Group Policy linked to the OU called "PublicTerminal"?

But yes, you're on the right track, just put the PCs or users in the PublicTerminal OU (or folder, why didnt they call them folders anyway?) and then create and link a GPO to that folder and lock them down as tight as you want.

 

[kkullot]

The OU is called Group Policy. That is what someone else named it. I am just trying to figure it out for someone.

 

[kkullot]

Where is the group policy that disable Internet Explorer?