Disable Control Panel For Computer

Status
Not open for further replies.

PU36

MIS
Mar 16, 2005
202
US
How do I prevent access to the Control Panel (mainly Add\Remove Programs) regardless of who logs in?
 
GPO

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.
 
I'm aware of utilizing a GPO but how? I don't want it to affect every computer in the domain or in a particular OU. I just want it to apply to a group of computers that are in a Security Group.

I have currently created a GPO with a "Lockout" Security Group and have placed those computers in the group. When I run gpresult on those computers they do show that the policy does take effect.

HOWEVER, within the GPO you can't lock out the control panel on a computer basis. It is only on a User basis. How do I get it on a Computer basis level?
 
I worked in a place where everything was locked down. Some control panel applets can be hidden through GPO, and some disabled (eg display properties). However, people could still search for and run the underlying applet. In your case, as add/remove is what you're most interested in, can't you put restrictions on appwiz.cpl, which is what add/remove programmes is. EG, if it's ordinary users who you want to keep out of there, you can put something in their logon script (eg use cacls to give the users no access to the file), or a GPO to deny this access.
 
I was hoping for something easy but if that is the way to do it then I will make it happen. I just wish that MS would change that. If the GPO stated no access then it should do all that for us.

Then again if it was that easy our jobs would become meaningless.
 
GPO tied to the correct OUs. If there are computers in that OU that you don't want it applied to, put the desired computers into a group and filter the GPO based on that group.

If it's a user setting that you want to apply to computers, read about loopback processing in GPOs.

Pat Richard
Microsoft Exchange MVP
 
Well here is what I did.

1. Created a GPO named "Computer Policy"
2. Created a Security Group called "Computer Lockdown"
3. Removed "Authenticated Users" from the GPO and added "Computer Lockdown" with read permissions
4. Added the computer that I want to lock down to the "Computer Lockdown" security group.
5. Made the modifications to the GPO\Computer Configuration

Since I have only given permissions to the "Computer Lockdown" group and placed only computers in this group, any settings within the "User Configuration" will not apply. Since some settings aren't available on a computer basis, I had to create a custom ADM that will modify the registry points for me.

6. Added the custom ADM to the GPO (which disabled/hides the control panel, disabled cmd and regedit tools).
7. Rebooted the machines in the "Computer Lockdown" security group.
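
One way to audit the security filtering described in the steps above, as an added example that is not part of the thread. The GPO and group names are the ones from the post; `Test-GpoFiltering` is a hypothetical helper and the sample permission and member entries are constructed, with the `Get-GPPermission` and `Get-ADGroupMember` calls for live data shown in comments.

```powershell
# Added example, not from the thread. Audits a GPO's security filtering from
# two inputs: its permission entries and the members of the filter group.
function Test-GpoFiltering {
    param(
        [object[]]$Permissions,   # objects with Trustee and Permission
        [object[]]$Members,       # objects with Name and ObjectClass
        [string]$FilterGroup      # group the GPO is supposed to be limited to
    )
    $findings = @()
    $applies = @($Permissions | Where-Object { $_.Permission -eq 'GpoApply' })

    # A GPO is only processed by trustees holding Read + Apply (GpoApply).
    if ($applies.Trustee -notcontains $FilterGroup) {
        $findings += "'$FilterGroup' lacks GpoApply; the GPO will not apply to its members"
    }
    # Any other trustee with GpoApply widens the scope beyond the filter group.
    foreach ($p in $applies | Where-Object { $_.Trustee -ne $FilterGroup }) {
        $findings += "'$($p.Trustee)' also has GpoApply; scope is wider than '$FilterGroup'"
    }
    # Non-computer members would also pick up the GPO's User Configuration.
    foreach ($m in $Members | Where-Object { $_.ObjectClass -ne 'computer' }) {
        $findings += "'$($m.Name)' is a $($m.ObjectClass), not a computer"
    }
    return $findings
}

# Live data (GroupPolicy and ActiveDirectory modules, domain-joined admin host):
# $perms = Get-GPPermission -Name 'Computer Policy' -All | ForEach-Object {
#     [pscustomobject]@{ Trustee = $_.Trustee.Name; Permission = "$($_.Permission)" } }
# $members = Get-ADGroupMember -Identity 'Computer Lockdown' | ForEach-Object {
#     [pscustomobject]@{ Name = $_.Name; ObjectClass = $_.objectClass } }

# Constructed sample data so the function can be tried offline.
$perms = @(
    [pscustomobject]@{ Trustee = 'Computer Lockdown'; Permission = 'GpoRead' }
    [pscustomobject]@{ Trustee = 'Domain Admins';     Permission = 'GpoEditDeleteModifySecurity' }
)
$members = @(
    [pscustomobject]@{ Name = 'KIOSK-01'; ObjectClass = 'computer' }   # constructed
    [pscustomobject]@{ Name = 'jsmith';   ObjectClass = 'user' }       # constructed
)

Test-GpoFiltering -Permissions $perms -Members $members -FilterGroup 'Computer Lockdown'
```

An empty result means the filter group is the only trustee the GPO applies to and every member is a computer account.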
 