Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations biv343 on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

restricting users from viewing control panel on a local DC.

Status
Not open for further replies.
teknoguy

teknoguy

Technical User
Feb 1, 2001
182
CA
I have users which are logging into the local domain controller. I have put these users into a sales group which are located in a Sales OU. question is i want to restrict these users from viewing particular things like control panel, other users profiles, and certain drives. I have created a GPO for the sales group to do such thing, but it doesn't seem to work. i have enabled the loopback policy on the domain controller policy but that still doesn't seem to work. any input would be great. thanks

ps: i think i might be missing some fundamental concepts of Group Policy Objects.
 
Sort by date Sort by votes
After creating the GPO and making sure you as the admin are NOT a member.Right click on the OU properties/Gpoup policy/edit.Go to user configuration/admin templates and enable the ones you want to take affect in the OU.Ok your way out and either reboot or logoff and logon.Try one of the users names and see if it works.
 
Upvote 0 Downvote
HELLO,
With GPO you can restrict many things. Give "Block Policy Inheritance" in your GPO. Because this will block any GPO settings on domain. In GPO try to set "refresh interval" settings in your sales GPO as minimum refresh time to take effect.
 
Upvote 0 Downvote
thanks for your reply.

i followed your instructions but it still doesn't seem to be working.

heres what i did.

1)put 4 users in sales group.
2)put sales group in sales OU
3)right clicked OU, created new group policy.
4)added GPO in mmc snap-in.
5)opened computer config - admin templates - system group policy- user group policy loopback mode - enabled.
6)open user config - admin templates - desktop - applied policies.

each user is a member of the sales dept, and domain user.
i added the sales dept to the security tab of the GPO properties and gave them read and apply group policy permissions. also removed authenticated user from security. (am i supposed to do that?)

i also did what you said, to block policy inheritance. and set the policy refresh interval under user configuation on the sales GPO, and that still didn't seem to work. should i be changing any of the domain controllers policies??

thanks.
 
Upvote 0 Downvote
Does anyone have any suggestions??

thanx
ryan needam
 
Upvote 0 Downvote
HAI,
It is not better to remove "authenticated users from security tab"if you had removed it then you should have added the SALES GROUP IN THE SECURITY TAB and APPLY GROUP POLICY for it.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

tscstl
  • Locked
  • Question
access to local folder
Replies
1
Views
269
hairlessupportmonkey
hairlessupportmonkey
goombawaho
  • Locked
  • Question
Domain join from wifi connected laptop
Replies
4
Views
829
goombawaho
goombawaho
andyferris
  • Locked
  • Question
DC Event logs auditing cannot be set by GPO
Replies
1
Views
240
RRankin355
RRankin355
DrB0b
  • Locked
  • Question
Hybrid on prem AD with Azure AD
Replies
2
Views
304
DrB0b
DrB0b
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
592
DrB0b
DrB0b

Part and Inventory Search

Sponsor

Back
Top