Advice on creating security settings using GPO's


  • Advice on creating security settings using GPO's

    Hi, I am setting up group policies for our domain (Windows 2003).
    I am looking at the policies in this location:

    Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment

    Specifically these two:
    Deny access to this computer from the network
    Access this computer from the network

    I want to prevent all domain users from having access to other PCs in the LAN.
    Next, I want to allow certain users to access PCs in the network using Remote Desktop and VNC, from within the LAN and also when they connect using VPN.
    I also want to allow users access to certain machines directly using \\computername\c$\
    Some PCs have shared printers installed, so they would need to be available.

    Is it possible to set this up by creating different groups, then adding them to the Deny access to this computer from the network and Access this computer from the network policies?

    I have read the warnings about changing the Access this computer from the network policy - would I be creating problems for myself by trying to create access rules in this location? Or is there a better way to achieve this?


    Thanks

    Nick

  • #2
    Re: Advice on creating security settings using GPO's

    I tend to use the User Properties in AD and restrict the user account to logging on to specific computers.

    With regards to Remote Desktop, you can use 'Restricted Groups' in Group Policy to restrict that access. Make sure that Domain Users are not local administrators. Use Groups to allow the access to certain accounts.

    Also, it depends how many clients you have with regards to the best solution.

    This is worth reviewing.

    http://technet.microsoft.com/en-us/l.../cc163140.aspx
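
An added example, not part of either post: a check of how the two user rights from the question combine for a given account, run over the `[Privilege Rights]` section of a `secedit /export` style INF. The INF text and every SID in it are constructed sample data; the group RIDs 5001 to 5003 stand for hypothetical domain groups. It shows that the deny right wins over the allow right, so an account in both groups loses access to shares and printers.

```python
# Constructed sample in the format of a secedit /export security template.
# RID 5001: hypothetical "allowed over network" group
# RID 5002: hypothetical "denied over network" group
# RID 5003: hypothetical Remote Desktop group; S-1-5-32-544 is BUILTIN\Administrators
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-5-32-544,*S-1-5-21-1111-2222-3333-5001
SeDenyNetworkLogonRight = *S-1-5-21-1111-2222-3333-5002
SeRemoteInteractiveLogonRight = *S-1-5-32-544,*S-1-5-21-1111-2222-3333-5003
"""


def parse_privilege_rights(inf_text):
    """Return {right name: set of SIDs or names} from [Privilege Rights]."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
            continue
        if in_section and "=" in line:
            name, _, value = line.partition("=")
            # SIDs are written with a leading '*'; plain names have none.
            rights[name.strip()] = {
                v.strip().lstrip("*") for v in value.split(",") if v.strip()
            }
    return rights


def has_network_access(token_sids, rights):
    """True if the token may log on over the network (shares, printers, c$).

    token_sids is the account SID plus the SIDs of every group it belongs to.
    A match on the deny right overrides any match on the allow right.
    """
    token = set(token_sids)
    if token & rights.get("SeDenyNetworkLogonRight", set()):
        return False
    return bool(token & rights.get("SeNetworkLogonRight", set()))


if __name__ == "__main__":
    rights = parse_privilege_rights(SAMPLE_INF)
    user = "S-1-5-21-1111-2222-3333-1104"  # constructed account SID
    both = [user, "S-1-5-21-1111-2222-3333-5001", "S-1-5-21-1111-2222-3333-5002"]
    print("member of allow and deny groups:", has_network_access(both, rights))
```

Because the allow list here no longer contains Everyone or Domain Users, any account or service that reaches the machine over the network must be in one of the listed groups, which is the breakage the warnings on that policy refer to.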
