RE: Locking down a stand-alone 2000 Server with Group Poicy

From: Meidinger Chris (chris.meidinger_at_badenit.de)
Date: 09/30/03

  • Next message: Phillip McCollum: "Re: Locking down a stand-alone 2000 Server with Group Poicy" 
    To: 'Al Cook' <cookas@msn.com>, security-basics@securityfocus.com
Date: Tue, 30 Sep 2003 13:52:52 +0100

    your subject line said that it is a 2000 server, are you running a server
    OS?

    you can create a mini active directory, and make an OU and add that user to
    the OU. then apply your GPOs only to that OU.

    There is no reason your computer can't be a domain, is there?

    > -----Original Message-----
    > From: Al Cook [mailto:cookas@msn.com]
    > Sent: Monday, September 29, 2003 4:59 PM
    > To: security-basics@securityfocus.com
    > Subject: Locking down a stand-alone 2000 Server with Group Poicy
    >
    >
    > Apologies if this is slightly off topic, but I have a
    > stand-alone laptop
    > running windows 2000 and it will be used for training
    > external customers.
    > I've setup a user account which they will use to log in to
    > the machine and
    > run our company application. I need to ensure that this user
    > account can't
    > do anything on the laptop other than run the application.
    > Things like the
    > run command, task manager, explorer, control panel etc all
    > must be disabled.
    >
    > I was wondering what would be the best way to achieve this without
    > purchasing external software, I've played around with the
    > group policy
    > editor snap in, but all the setting then apply to the
    > administrator account
    > also. Has anyone got any suggestions, I found windows help
    > pretty confusing
    > and geared towards group policy for domains rather than stand-alone
    > machines.
    >
    > Many thanks, Al
    >
    > _________________________________________________________________
    > Stay in touch with absent friends - get MSN Messenger
    > http://www.msn.co.uk/messenger
    >
    >
    > --------------------------------------------------------------
    > -------------
    > --------------------------------------------------------------
    > --------------
    >

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------

  • Next message: Phillip McCollum: "Re: Locking down a stand-alone 2000 Server with Group Poicy"

    Relevant Pages

    • Re: "logon failure: the user has not been granted
      ... Always when I try access server from network ... > account policies, user account, etc. and have come up with ... Check the group policy settings in the Group Policy MMC locally on the ...
      (microsoft.public.win2000.security)
    • Re: Windows cannot query for the list of Group Policy objects.
      ... Hello Johan, ... The account name was ... > the server host/emico1.emico.local. ... I get the error "Failed to open the group policy object. ...
      (microsoft.public.windows.server.active_directory)
    • Re: Im locked out of domain admin account on Windows 2000 Server!!!
      ... account has gotten it applied also - at least on the ... server - if thats the case then ouch. ... Something that I learned the hard way - in group policy, ... logged in as a domain admin ...
      (microsoft.public.win2000.security)
    • Re: Backing up the Intranet
      ... One method of global recovery is a System State restore in DSRM. ... this server that precedes the change you made? ... interest...and a domain admin account. ... How To Reset User Rights in the Default Domain Group Policy in Windows ...
      (microsoft.public.windows.server.sbs)
    • RE: Several Problems; how to reset security and troubleshoot serve
      ... Security Templates in Windows Server 2003 - ... The Network Service account must be added to the policy settings in the ... This issue may occur if Group Policy settings that were applied at ... When you tried to launch the Remote assistance, ...
      (microsoft.public.windows.server.sbs)