Announcement

Collapse
No announcement yet.

Shortcut.to.change.group.policy.setting

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Shortcut.to.change.group.policy.setting

    Scenario: 2k3 AD Domain, XP clients.

    Goal: Prevent student from accessing internet while the instructor deliver the lecture.

    Implementation:

    I create a GPO in STUDENT OU with a setting that uses hash rule to restrict IE from running.

    Question: is there anyway that I can script and create a shortcut so if I want to enable/disable that setting on that particular GPO I just need to double click on it.


    Thanks in advance.

    Regards,
    Teamwork

  • #2
    I'd like to know about this one too!
    Server 2000 MCP
    Development: ASP, ASP.Net, PHP, VB, VB.Net, MySQL, MSSQL - Check out my blog http://tonyyeb.blogspot.com

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

    Comment


    • #3
      Is the lecture at the same time each day? Can you see where I am going?
      1 1 was a racehorse.
      2 2 was 1 2.
      1 1 1 1 race 1 day,
      2 2 1 1 2

      Comment


      • #4
        > Prevent student from accessing internet while the instructor deliver the lecture

        Normally you would configure that in the proxy. Any chance of that?

        Comment


        • #5
          To control our net access we use websense and we can block AD users, AD Groups or Groups of computers. But i would like to know how to apply GP policies at a quick double click... that would be nice!
          Server 2000 MCP
          Development: ASP, ASP.Net, PHP, VB, VB.Net, MySQL, MSSQL - Check out my blog http://tonyyeb.blogspot.com

          ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

          Comment


          • #6
            I think you are taking the wrong approach here...

            By default (this is configurable via GPO) GPO settings on the client computers are refreshed (I hope I remember the numbers correctly) every 90 mins with a random offset of upto +-30 mins.
            This means that after you change the GPO, theoretically, the settings might reach the client computer in 2 hours.
            You can reduce the refresh interval, but you will be creating an unnecessary network traffic.

            Much simpler solution would be either blocking the traffic at the gateway or at the proxy.
            Guy Teverovsky
            "Smith & Wesson - the original point and click interface"

            Comment


            • #7
              I agree but it would be nice to be able to apply a gpo to an OU at the running of a script. but hey if aint possible then never mind!
              Server 2000 MCP
              Development: ASP, ASP.Net, PHP, VB, VB.Net, MySQL, MSSQL - Check out my blog http://tonyyeb.blogspot.com

              ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

              Comment


              • #8
                Hi all,

                First of all, I do apologize for replying late. I've been extremely busy with projects at work. This time I will spend time to explain more about my situation. At work, we don't have proxy server. Some of the instructors ask me if there is a way to prevent students from browsing internet while they deliver the lecture. Since I don't have enough money in the budget to afford a classroom control software so I come up with an idea of:

                1. Use application hash rule to restrict internet explorer in a GPO that applies for that class.

                2. Make shortcuts on the instructor desktop so he(she) can enable / disable that setting in the GPO.

                3. Make another shortcut which is a script to run "gpupdate /force" to all computers in that classroom.

                To biggles77:
                Is the lecture at the same time each day? Can you see where I am going?
                Actually I'm not quite sure that I understand you. Can you be more specific? Thanks

                To Guy: How about the proxy server in this situation? ( I don't have each classroom on a separate VLAN though).

                Please help .

                Thanks in advance
                Teamwork

                Comment


                • #9
                  If the lecture is the same time every day you can stop computer access for a specific OU. Each Lecture Group would need to be put into their own OU so the time restriction could be appled to each in turn (at the appropriate time). Use the Option in AD, Account, Logon Hours to set when the users can logon to the computer. Gets a bit messy to setup and it stops them from accessing anything on the PC as well as the Internet.

                  Another option might be for the Lecturer to get the students to put the keyboard and mouse on top of the monitor during the lecture. Any students who don't comply get shot in the leg for their first offence (or possibly some other deterrent). The others would soon realise "resistance is futile".
                  1 1 was a racehorse.
                  2 2 was 1 2.
                  1 1 1 1 race 1 day,
                  2 2 1 1 2

                  Comment


                  • #10
                    ever think of just unplugging the hub/switch at the start of the lecture. assuming of course all the students go to a central hub.
                    MCSE 2000\2003, A+
                    00000001-00000011-00000011-00000111

                    Comment

                    Working...
                    X