Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations wOOdy-Soft on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Group Policy - Only for specific users

Status
Not open for further replies.
Talisa

Talisa

IS-IT--Management
Dec 10, 2006
7
GB
I have a DC that contains a number of OU's. One of these OU's contains a 2K3
Server that I wish to apply a Group Policy to, however I only wish this
policy to apply to all domain/authenticated (normal)users and not to members
of say 'Domain Admins'. I wish to lock out such things as manage the server,
only run icons from desktop, remove the run command etc etc, alll of which
can obviously be done in GPO but when myself or a member of my support team
remote desktop onto the server we do not wish to have any restrictions at all.

Could someone point me in the direction of a document that could explain how
I acheive this please or give me a pointer or two on how to get this result.

Many Thanks in anticipation of a helpful response.

Regards,

--
Toni Chaffin
 
Sort by date Sort by votes
2K3
Server that I wish to apply a Group Policy to
Click to expand...

What exactly are you asking about the server policy?

As far as user policies, there are many ways to go about it. How about security filtering?

This question is way too broad. What is your desired target for these policies? Workstations? Terminal servers?

Simply create the policies and link them to the OU's you want them to apply to, then take away APPLY permissions to the Domain Admins group in advanced security. You'll need to go into the GPO itself, right-click the top node, properties. You'll see advanced security settings here.

Hope This Helps,

Good Luck!
 
Upvote 0 Downvote
Thanks for taking the time to respond to this post. Basically I have a shared desktop on the server which is accessed by 'Authenticated Users' utilizing Citrix. I wish to lock the server desktop down to such a level that users can't restart the server, access applications (Computer Management etc) and remove access to the Run command.

I need to obviously allow my support team the ability to access all functions on the server when they rmote desktop onto it for configuration purposes or fault finding etc.

I am currently applying the policies that prevent everything that I want to prevent when it comes to the users to an OU that contains the relevant server account. I just need to find out how to exclude domain admins for having this policy applied to them.

Is that any clearer?

Regards,

Toni
 
Upvote 0 Downvote
I have resolved this issue by looking up the Deny option you referenced in your initial response. As a result I am now sorted. Thanks

Regards

 
Upvote 0 Downvote
I shall go and look at that right now, thank you once again.

Kindest Regards

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Abdullah Al Maruf
  • Locked
  • Question
Telnet help for
Replies
2
Views
775
gbaughma
gbaughma
mangentle
  • Locked
  • Question
What are the key advantages of using Microsoft Windows Servers for businesses?
Replies
1
Views
1K
gbaughma
gbaughma
nukeinfer
  • Locked
  • Question
Internet restrictions for isolated PCs in the Network
Replies
1
Views
622
mangentle
mangentle
Teo En Ming
  • Locked
  • Question
Actions taken during Disaster Recovery for client whose IBM Megaraid controller has failed
Replies
2
Views
642
fightaccording
fightaccording
penguinroundup
  • Locked
  • Question
programmatically delete all saved passwords for IE for any user
Replies
0
Views
307
penguinroundup
penguinroundup

Part and Inventory Search

Sponsor

Back
Top