Using Group Policy to restrict a temporary user's privileges |
 |
EXPERT RESPONSE FROM: Jeremy Moskowitz
|
|
|
|
| > |
QUESTION POSED ON: 03 February 2004
Can I set one group policy to allow a temporary user to log on only to the computer he is given? I want the user to only use Word, Excel, Acrobat and Internet Explorer, and not access Windows Update, Yahoo or Hotmail. I am new at AD group policy making and I don't want to mess with other users.
|
|
| > |
EXPERT RESPONSE
This question has a fourfold answer:
(1) First, load a workstation with the specific software you want him/her to run. Your list above is fine. You can do this manually, or via Group Policy Software Installation.
(2) To restrict a user to a specific computer, you need to be running NetBIOS. Then, in the user's Account tab, click the "Log on to" button and specify the computer you want to restrict the computer to.
(3) Users -- that is, non-administrators -- cannot go to Windows Update.
(4) To restrict users from all other Web sites, you'll need to get familiar with how to implement Internet Explorer Maintenance policies -- either via local GPOs or via Active Directory GPOs. The process is fairly detailed, but here are the steps in a nutshell: Configure a computer's IE settings to be as restrictive as you want, then use the Internet Explorer Maintenance Settings (specifically, those located in User Configuration | Windows Settings | Internet Explorer Maintenance | Security | Security Zones and Content Ratings) to import the current computer's settings. Then, the computers you apply the GPO to will embrace the same settings.
In short, you may be new to Group Policy, but you'll have to get familiar with it to do lots of tasks -- so, better get started in your knowledge!!
|
|
|
|
|
|
|
|
Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and
answer pairs from more than 250 TechTarget industry experts.
|
|
|
|
|
|
|
|
|
|
|
|
