Group policy: Restricting users from accessing control panel

pts.
Tags:
Active Directory
Auditing
DataCenter
Policies
I want to restrict users from accessing control panel from their workstation. How can I do that?

Answer Wiki

Thanks. We'll let you know when a new response is added.

User configuration/Administrative templates/control panel/prohibit access to control panel.

Discuss This Question: 4  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Howard2nd
    Presuming (i.e. not provided) clients are 2k pro or XP and patched to the current levels. Domain not workgroup, or GP is not available for this purpose. You have run the security template for the MMC (Microsoft Management Console). Google 'Disable Control Panel', which would have led to this: In Group Policy under 'userconfiguration', under 'administrativetemplates',in the section 'Startup & Taskbar' make your change. Good luck.
    30 pointsBadges:
    report
  • HumbleNetAdmin
    Are you wanting to do this in a win2k or win2k3 Active Directory environment? And with win2k or XP PC's There are differences in the GPO's between win2000 and win2003 domains. There is alot more controls added to win2003. If so, it is real easy using GPO's. I do not knwo what your level of knowledge is with AD, so I will give you a little background. GPO's can be linked to Organizational Units (OU's), such as the Users folder under Active Directory. Your domain under Active Directory has it's own default GPO that is applied to all users. It is not recommended that you change this policy, all though you could. If you would like to create policies that are going to effect all users, it would be better to create a new GPO and link it to the domain. The good thing about OU's is that you can break your organization up into fucntional or departmentatl levels, such as Accounting, HR, Customer Support and so on and apply different GPO's to each OU giving more or less or different restrictions. To get to the meat of the matter and blocking acces to the control panel. Open your GPO and go to User Configuration/Administrative Templates/Windows Components/Control Panel Once there your can control various aspects of Control panel, or you can just block access to it all together. There is so many things that you can do with GPO's. You can completely lock down a desktop and only allow a user to have on there desktop what you allow. I do this with some 60-70 terminal services clients accross 42 OU's and 42 GPO's A good reference for group policy in win2k3 http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepKit/a9ed1ad7-dde3-46d0-a28c-3f48f2935002.mspx
    0 pointsBadges:
    report
  • Manumaha
    I have done all the settings using dsa.msc on an particular OU. I could create a GPO and then I made some changes in user configuration like "prohibit access to control panel" remove run command from the start menu etc. After applying the changes I logged in to the XP pro machine as a normal user. But I still can see and use run command in start menu and still able to access control panel and its components. Is there anyone who can put some light on this. PS : I also tried gpupdate / force command from command prompt to get my machine updated. Doesn't work at all. Thanks in advance. -Makarand.
    10 pointsBadges:
    report
  • carlosdl
    Manumaha, you could use GPRESULT on the client machine, to check what policies (if any) have been applied.
    70,200 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following