Group policy help please!
![[Deleted User]](https://us.v-cdn.net/6030959/uploads/defaultavatar/nE1RZK93BLG3K.jpg)
[Deleted User]
Senior MemberPosts: 0 ■■□□□□□□□□
So I am new to Group policy and have very minimal experience using it. I am mostly from a Cisco background. Here is what I am trying to accomplish:
1. At the top level set the policy so that anybody in the IT group and anybody in Domain Admins may logon to any machine at any time.
2. Each OU should have a policy that only those users in that department may logon to the machines in an
OU
3. Set a top-level OU that warns users at login
4. Edit the Group Policy such that notepad.exe is not allowed to run on machines in HR.
Can anyone provide a decent tutorial on how to accomplish this? Also, will Server 2012 work with Windows 10 preview with adding to a domain? I haven't tried this but I hope it can be accomplished.
1. At the top level set the policy so that anybody in the IT group and anybody in Domain Admins may logon to any machine at any time.
2. Each OU should have a policy that only those users in that department may logon to the machines in an
OU
3. Set a top-level OU that warns users at login
4. Edit the Group Policy such that notepad.exe is not allowed to run on machines in HR.
Can anyone provide a decent tutorial on how to accomplish this? Also, will Server 2012 work with Windows 10 preview with adding to a domain? I haven't tried this but I hope it can be accomplished.
Comments
-
cruwl
Member Posts: 341 ■■□□□□□□□□
1:Adding Domain Users To The Local Administrators Group Using Group Policy | Richard Skinner
You may want to follow this and add the admins/It groups to the Remote access group on the local systems as well.
2: Restrict computer logons to a group of users. - Spiceworks
Make sure admins and domain admins and the IT group ect are in the list as well.
You may want to make a Small OU and apply your new GPOs to it and only have 1 machine in the OU that way you can test the behavior and you dont possibly break 100s of systems or something.