Securing Computers with Group Policy (a simple example)
by Greg Thatcher, MCSD, MCDBA, MCSE
In this simple example, we will pretend that we wish to lockdown the configuration of three users: Anne, Ben, and Betty. All three users are members of the Accounting Department, and any future members of the Accounting Department should have the same security settings applied to them. There are many security settings we may apply to these users. For this simple example, we will configure the following three:
- We will disable the Control Panel, as the CTO has asked that these users be prevented from reconfiguring their systems in an effort to reduce support costs.
- We will set the Home Page for Internet Explorer
- We will disable the Run Menu
To begin, login to one of the computer's that serves as your domain controller, and run the "Active Directory Users and Computers" mmc console by clicking on Start->Programs->Administrative Tools->Active Directory Users and Computers. Click on the "Users" container to see a list of users.
If you need to create a new user account, right click on the Users container and choose New->User to create the user.
Next, right click on your domain name (listed at the top of the left panel), and choose New->Organizational Unit. Create a new Organizational Unit (OU) called "Accounting".
Left click on the "Users" container. Then right click on the "Anne" user account and choose "Move".
Choose "Accounting" to move the user named "Anne" to the Accounting Organizational Unit. Repeat the steps above to move the use accounts for Ben and Betty to the Accounts OU.
Click here to continue this tutorial.