Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Group Policy for users

Status
Not open for further replies.
acn

acn

Technical User
Jul 9, 2003
4
0
0
GB
I'm currently running a windows 2000 network with a 2000 server and 2000 professional workstations.

I've set-up active directory and can logon to the domain perfectly from the workstations. Whenever i logon it applies the Default Domain Policy for all users.

I was wondering if there was any way to change the whole group policy for different user groups. For example: I would like to disable features such as Lock Workstation and other stuff for normal users but keep it enabled for Administrators.

I'm sure there must be a away as it was possible with the System Policy Editor but I can't get this to work on my 2000 server system.

Any ideas?

Thamks in advance.
 
Sort by date Sort by votes
normaly the group policy doesn't have effect on the administrators


or you can make organizational units in the AD


greetz

groovy
 
Upvote 0 Downvote
how do you make organizational units?
 
Upvote 0 Downvote
in active directory users and computers right click the domain and select new organizational unit. move the users you want to apply the policy to into that OU and apply the GPO to that OU
 
Upvote 0 Downvote
thanks - some how I already knew that - dunno why I asked really - sorry.
 
Upvote 0 Downvote
I am having the same problem, I created the OU applied the GPO to the OU, but when the clients logs on, the desktop does not show the policy.

Any idea why?
 
Upvote 0 Downvote
Did you apply in the security for the Group policy the members of that particular OU. For eg, all the users in that OU belong to a global group called ABC. When you apply the group policy to the OU, in the security option you add the global group ABC and check the box which says Apply Group Policy (or something similer) to them.
You can then run the commands below on a dos prompt on your domain controller to get the changes done straight away.
SECEDIT /REFRESHPOLICY MACHINE_POLICY /ENFORCE
SECEDIT /REFRESHPOLICY USER_POLICY /ENFORCE




Claudius (What certifications??)
 
Upvote 0 Downvote
go into the properties of the GPO, go to the security tab, add teh domain admins or applicable administrators group and click the deny read and apply group policy permissions.

 
Upvote 0 Downvote
keep authenticated users in there though so it still applies to everyone else

the deny permissions for administrators will voerride the authenticated users permissions

none of the group policy will apply to the admins anymore though
 
Upvote 0 Downvote
default permissions for a group policy by the way are read and apply group policy to the authenticated users group...all authenticaetd users
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Abdullah Al Maruf
  • Locked
  • Question
Telnet help for
Replies
2
Views
102
gbaughma
gbaughma
mangentle
  • Locked
  • Question
What are the key advantages of using Microsoft Windows Servers for businesses?
Replies
1
Views
132
gbaughma
gbaughma
nukeinfer
  • Locked
  • Question
Internet restrictions for isolated PCs in the Network
Replies
1
Views
89
mangentle
mangentle
Teo En Ming
  • Locked
  • Question
Actions taken during Disaster Recovery for client whose IBM Megaraid controller has failed
Replies
2
Views
118
fightaccording
fightaccording
penguinroundup
  • Locked
  • Question
programmatically delete all saved passwords for IE for any user
Replies
0
Views
51
penguinroundup
penguinroundup

Part and Inventory Search

Sponsor

Back
Top