Announcement

Collapse
No announcement yet.

Restrict workstations

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Restrict workstations

    I want to create a GPO to log off any idle RDP sessions longer than 1 hour. The GPO will be configure on "computer configurations" unless someone thinks "user configuration" would work best. The GPO will be set at the domain level so it affects all of the servers. Here is my questions.....how do I exclude all workstations from this GPO? GPO delegation, deny???

  • #2
    Re: Restrict workstations

    One method is to create a global group, add the computers that you want to exclude. Then on the GPO, modify the permissions to deny apply group policy.

    Alternatively, if you structure AD OUs you can better target your systems.
    JM @ IT Training & Consulting
    http://www.itgeared.com

    Comment


    • #3
      Re: Restrict workstations

      Put the workstations in an OU and block inheritance?
      Tom Jones
      MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
      PhD, MSc, FIAP, MIITT
      IT Trainer / Consultant
      Ossian Ltd
      Scotland

      ** Remember to give credit where credit is due and leave reputation points where appropriate **

      Comment


      • #4
        Re: Restrict workstations

        Global group? Do you mean universal group? I have 2000 workstations. If I were to add them to a group, is there an easy way to do it besides manually adding them to the group 1 by 1?

        Comment


        • #5
          Re: Restrict workstations

          Universal groups are for cross domain use (apart from Exchange 2010, but we won't go there...) -- global groups are for putting security principals into in a domain.

          You may groups of workstations already, so can add those groups to another one, alternatively you can select in bulk and add to a group or use various scripting options.... but if you manage a domain with 2000+ workstations, you are already aware of all of this?
          Tom Jones
          MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
          PhD, MSc, FIAP, MIITT
          IT Trainer / Consultant
          Ossian Ltd
          Scotland

          ** Remember to give credit where credit is due and leave reputation points where appropriate **

          Comment


          • #6
            Re: Restrict workstations

            It would be Univeral groups if I have multiple domains within the forest?

            Comment


            • #7
              Re: Restrict workstations

              AGULP...
              Accounts (user or computer) go into Global Groups (in the account domain) which go into Universal groups (not really in any domain) which go into Domain Local groups (in the resource domain) which have Permissions applied to them.
              Tom Jones
              MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
              PhD, MSc, FIAP, MIITT
              IT Trainer / Consultant
              Ossian Ltd
              Scotland

              ** Remember to give credit where credit is due and leave reputation points where appropriate **

              Comment

              Working...
              X