Basic, Secure GPOs to apply to a company AD?
- From: anthony.oren@xxxxxxxxx
- Date: 21 Sep 2006 09:32:17 -0700
Hello I am building a network from the ground up using AD in W2K3 DC
Server with a TS Server.
My current AD structure is as follows (names changed):
- MyDomain.com
-- NY HQ (OU)
--- IT (OU 1)
--- SALES (OU 2)
--- TERMINALUSERS (OU 2)
--- FINANCE (OU 4)
--Terminal Servers
In each of the OUs within NY HQ (Except IT),. every user will have
LOCAL administrators account but will be just regular USER on the
network. No one will hve a LOCAL account but will be logging in with
CACHED CREDENTIALS when there not physically here in the building
because the PCs are theres since there employees. Obviously IT OU will
have less restrictions. Can anyone suggest advice for basic or just
secure GPOs that are important to implement company wide to put some
types of restrictions on users to prevent spread of malware, virii, etc
etc but still allow them to have freedom with there accounts?
I was thinking about applying specific GPOs to computer instead of per
user, so this way, I can prevent Windows Update and hardware
installations, but I'm not sure what else would be useful for the
safety of the network. We have a few users who are in another state and
log in through the Terminal servers.
Any advice would be appreciated.
.
- Follow-Ups:
- Re: Basic, Secure GPOs to apply to a company AD?
- From: Roger Abell [MVP]
- Re: Basic, Secure GPOs to apply to a company AD?
- Prev by Date: Re: Internet explorer
- Next by Date: Re: Allowing Users to Install Hardware Device Drivers
- Previous by thread: Re: Internet explorer
- Next by thread: Re: Basic, Secure GPOs to apply to a company AD?
- Index(es):
Relevant Pages
|
