G
George Barley
Hello, I posted this as the last in a series of questins in the AD
group, but got no answer. Please help me figure this out.
I understand how to create a new policy for the domain, an OU, or site,
but I want another policy for the Domain Controller (the current one is
the Start>Programs>Administrative Tools>Domain Controller Security
Policy), that only applies when a user logs on physically to the Domain
Controller machine. I want the settings (in that policy) for "Print
Operators," for example, to be different than the settings for the
Administrators, Domain Admins groups.
How do I create a new policy for the Domain Controller so I can
differentiate between Admins logging on to the DC machine and "Print
Operators" or any other group I choose?
Basically, I want Admins to do whatever they want when logging on to the
Domain Controller, but I also want a small group of users to log in to
the same Domain Controller machine, but be able to only use a certain
application, and not be able to change stuff like DNS, Exchange, ISA, etc.
Thanks for the patience and advice,
George
(e-mail address removed) (get rid of "_nospam" to email me)
group, but got no answer. Please help me figure this out.
I understand how to create a new policy for the domain, an OU, or site,
but I want another policy for the Domain Controller (the current one is
the Start>Programs>Administrative Tools>Domain Controller Security
Policy), that only applies when a user logs on physically to the Domain
Controller machine. I want the settings (in that policy) for "Print
Operators," for example, to be different than the settings for the
Administrators, Domain Admins groups.
How do I create a new policy for the Domain Controller so I can
differentiate between Admins logging on to the DC machine and "Print
Operators" or any other group I choose?
Basically, I want Admins to do whatever they want when logging on to the
Domain Controller, but I also want a small group of users to log in to
the same Domain Controller machine, but be able to only use a certain
application, and not be able to change stuff like DNS, Exchange, ISA, etc.
Thanks for the patience and advice,
George
(e-mail address removed) (get rid of "_nospam" to email me)