By default there are no user configuration settings defined on Group Policy when you
set up a domain. Computer/security policy settings are defined mostly in Local
Security Policy and Domain Controller Security Policy [mainly user rights
assignments] for domain controllers , while domain policy defining account/password
policies. What you are talking about seems to be mostly an issue with user group
membership in that users need to be administrators on their local computers to do all
that you mention [in W2K]. If it suits your needs you can add the users domain
account to their local administrators or power users group on their computer. You can
use "restricted groups" in security policy at the OU level to modify the membership
of the local administrators/power users groups of computers in the OU. First I would
try adding users to the Network Configuration Operators group on their local
computers to allow them to manage networking properties and consider using Group
Policy to publish or assign .msi applications to them before letting them all be
local administrators. Users usually do cry when they can't clutter up their computers
with unathorized applications, file swapping programs, chat programs, spyware,
etc. --- Steve
ajay said:
i want to know is there a way to import a default gp for 2000sever into my
new 2003 domain ...reason is that with the default domain gp all my wks are
lock down (limited access and right ) and i can not seem to raised the
level example no permisson to manage netowrk settings, make vpn
connections, install applications .......this is what i want in the future
but for now im locking laptops down with the 2003 gp and all my users a
crying .....please help