Group Policy

A

Auddog

I have setup numerous group policies for my AD. I'm now being asked to
setup a group policy for a singe stand alone machine for our HR Kiosk. Is
there a way to apply a group policy to a single windows 2000 machine. I
don't want to have anyone login, as everything is already running over SSL.
But I would like to be able to lock down this machine so no one can mess it
all up. Any ideas on how to do this? Thanks in advance.

A
 
B

Brandon McCombs

Auddog said:
I have setup numerous group policies for my AD. I'm now being asked to
setup a group policy for a singe stand alone machine for our HR Kiosk. Is
there a way to apply a group policy to a single windows 2000 machine. I
don't want to have anyone login, as everything is already running over SSL.
But I would like to be able to lock down this machine so no one can mess it
all up. Any ideas on how to do this? Thanks in advance.

A
Click to expand...

You can only apply group policies to sites, domains, and OUs. You would
have to put the machine in it's own OU and in the policy under the
security options specify the user accounts that you want to have the
ability to login to that machine. I would think you would at least want
the administrator to be able to login to it.

If you try to link the group policy to a single machine using the GPO
management snap-in you will find that it isn't possible (at least in R1
of Win2k3).
 
F

Florian Frommherz

Howdie!
I have setup numerous group policies for my AD. I'm now being asked to
setup a group policy for a singe stand alone machine for our HR Kiosk. Is
there a way to apply a group policy to a single windows 2000 machine. I
don't want to have anyone login, as everything is already running over SSL.
But I would like to be able to lock down this machine so no one can mess it
all up. Any ideas on how to do this? Thanks in advance.
Click to expand...

You can either create a SubOU for your Windows 2000 machine and link
your policy there or you could work with security filtering. Security
filtering means that you deny "Apply Group Policy" rights to the machine
by issuing the NFTS permissions of the Group Policy. If you use Security
filtering, you can link the policy to the parent OU.

Regarding your question how to restrict the users to log on to that
machine, you can use the following Group Policy:

CompConf\Windows Settings\Security Settings\Local Policies\User Rights
Assignment\ Log on locally. Wipe out all unwanted users and add those
users who shall be able to log in.

cheers,

Florian
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Domain policy vs local policy 4
Group policy only applied after restart 3
Group Policy 2
Group Policy Not working 1
Group Policy fundamentals 1
Local Machine vs. Domain Group Policy 11
Group policy rookie 4
Group Policy Problem 3

Top