S
Sam
Hi. I work for a University and my close friend is the network
administrator. I have become frustrated lately because I know there
is a way to lock down or restrict one user account from doing anymore
than just browsing the web and printing office documents. I am
talking about a user account on a domain.
My friend insists that in order for him to lock it down as much as he
needs to that he had to make changes that are affecting the
Administrator account on that same domain. He has succeeded in
locking down the one account and now the users on that account can not
do things they are not supposed to.
The problem is that now the Administrator account on that domain is
getting a restricted desktop. Not near as restrictive as the user
account mentioned previously however it is restrictive enough to where
we can not do simple things like add a network printer, change
internet explorer options, click on run, etc. He INSISTS that there
is not other way and I know that he is wrong however I do not have the
experience he has so I do not know EXACTLY how to make the changes to
the different accounts via group policy without turning it into a
learning experience for myself and the university.
I plan on sitting down and talking to him with two other co-workers
who feel the same way and feed him facts. It is unlike him to be so
ignorant and a couple of us are really getting frustrated because the
changes he implemented are making it more difficult for us to do
normal things we have been doing for some time.
Can anyone shed some light on this as to maybe a website and or just
feedback with your experience implementing policies on a domain that
restrict certain user accounts from being able to mess up the
computer. That is the reason for the restriction and I know it is
done all over this world successfully without restricting the darn
Administrator Account !!
Thanks,
Sam Cederas
administrator. I have become frustrated lately because I know there
is a way to lock down or restrict one user account from doing anymore
than just browsing the web and printing office documents. I am
talking about a user account on a domain.
My friend insists that in order for him to lock it down as much as he
needs to that he had to make changes that are affecting the
Administrator account on that same domain. He has succeeded in
locking down the one account and now the users on that account can not
do things they are not supposed to.
The problem is that now the Administrator account on that domain is
getting a restricted desktop. Not near as restrictive as the user
account mentioned previously however it is restrictive enough to where
we can not do simple things like add a network printer, change
internet explorer options, click on run, etc. He INSISTS that there
is not other way and I know that he is wrong however I do not have the
experience he has so I do not know EXACTLY how to make the changes to
the different accounts via group policy without turning it into a
learning experience for myself and the university.
I plan on sitting down and talking to him with two other co-workers
who feel the same way and feed him facts. It is unlike him to be so
ignorant and a couple of us are really getting frustrated because the
changes he implemented are making it more difficult for us to do
normal things we have been doing for some time.
Can anyone shed some light on this as to maybe a website and or just
feedback with your experience implementing policies on a domain that
restrict certain user accounts from being able to mess up the
computer. That is the reason for the restriction and I know it is
done all over this world successfully without restricting the darn
Administrator Account !!
Thanks,
Sam Cederas