Re: Domain Controller Security Policy
From: Andrew Mitchell (amitchell_at_removecasey.vic.gov.au)
Date: 04/28/04
- Next message: Ihab Abedrabbo: "Folder Redirection"
- Previous message: Peter Loerns: "Re: Errors 1202 on DCs"
- In reply to: George Barley: "Re: Domain Controller Security Policy"
- Next in thread: George Barley: "Re: Domain Controller Security Policy"
- Reply: George Barley: "Re: Domain Controller Security Policy"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 28 Apr 2004 03:12:47 -0700
George Barley <georgebarleyit_nospam@yahoo.com> said
> Darren,
>
> My goal is to let a couple of users log on to the Domain Controller
> machine with ability to do nothing but run this one application, which
> is a RIP (Raster Image Processor).
>
> I understand I have to do it in the Domain Controller Security Policy,
> but I don't understand how to differentiate between Administrators, and
> say a group called "Rip_Users," to where Adminis can do anything, and
> "Rip_Users" can't do but run the RIP app. Where, how, do I do this? I
> need step-by-step instructions. I am very new to Group Policy.
>
You need to create an OU that contains the domain controllers and apply your
GPO to that OU. Make the GPO a loopback policy and to ensure that all
settings are applied to users that login to machines in that OU.
You can then use security on the GPO to deny the 'Apply Group Policy'
permission to the domain admins security group.
Andy.
- Next message: Ihab Abedrabbo: "Folder Redirection"
- Previous message: Peter Loerns: "Re: Errors 1202 on DCs"
- In reply to: George Barley: "Re: Domain Controller Security Policy"
- Next in thread: George Barley: "Re: Domain Controller Security Policy"
- Reply: George Barley: "Re: Domain Controller Security Policy"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
