D
Duncan.
Hi all,
I'm after some advise.
I have a small network, about 2000 desktops spread evenly
across three sites. There are 2 DC's each site.
These users tend to logon at similar times, they probably
all login between 7am and 10am every morning and logout
between 4pm and 7pm each evening.
I need to apply a lock down policy, however there are
going to be some people which will need to be excluded.
There will also be instances for example where a user
might want to just have part of the restriction removed,
such as access to the command prompt.
I've thought about setting the default domain policy to
allow everything, such as access to the command prompt.
Then creating another policy which denies access and
applying this to a group.
This way all the users in the group are denied access to
the cmd until they are removed from the group.
It also means that all the GPO's are linked at the same
place, (the domain level).
So.. what do you think, is this a good model.
Also.. how many GPO's do you think I should apply to users?
I don't want to effect logon times too much.
Any comments will be gratefully received.
Regards,
Dunc.
I'm after some advise.
I have a small network, about 2000 desktops spread evenly
across three sites. There are 2 DC's each site.
These users tend to logon at similar times, they probably
all login between 7am and 10am every morning and logout
between 4pm and 7pm each evening.
I need to apply a lock down policy, however there are
going to be some people which will need to be excluded.
There will also be instances for example where a user
might want to just have part of the restriction removed,
such as access to the command prompt.
I've thought about setting the default domain policy to
allow everything, such as access to the command prompt.
Then creating another policy which denies access and
applying this to a group.
This way all the users in the group are denied access to
the cmd until they are removed from the group.
It also means that all the GPO's are linked at the same
place, (the domain level).
So.. what do you think, is this a good model.
Also.. how many GPO's do you think I should apply to users?
I don't want to effect logon times too much.
Any comments will be gratefully received.
Regards,
Dunc.