Hi all,
In my part 2 of GPO, lets go through how to create & configure a very basic GPO, for those who missed out my part 1 of GPO configuration, please refer to this link : https://mizitechinfo.wordpress.com/2013/08/06/simple-guide-implementing-group-policy-in-windows-server-2012-r2/
As usual, I used my existing infra for this demo which DC01.comsys.local and my Windows 8 Client (Surface01)...
For this demo objective, I'm going to restrict access to control panel, and restrict few apps such as Notepad.exe and Calc.exe my Marketing & Production users.
Lets get started...
1 - As usual on the domain server, create a new GPO, in my case my new GPO will be Comsys Infra Standard...
2 - Next, right click Comsys Infra Standard GPO and click Edit...
3 - Next, on the Group Policy Management Editor, expand User Configuration, Policies, and Administrative Templates, and then click System, next double click Don’t run specified Windows applications, click Enabled and click Show...
4 - In the Show Contents box, in the Value list, type notepad.exe, Calc.exe and Paint.exe and then click OK...
5 - Next, click Control Panel, on the right pane, double click Prohibit access to Control Panel and PC Settings, then click Enabled and click OK...
6 - Next, lets Link the Comsys Infra Standard GPO to our domain, right click Comsys.local and click Link an Existing GPO...
7 - On the Select GPO box, under Group Policy Object, click Comsys Infra Standard and then click OK to proceed...
8 - Next, you can open CMD and type gpupdate /boot /force...
9 - Next, log in to your Windows client PC, in my case my Windows 8 Client and I log in as my domain user (either your Marketing @ Production users...
10 - once you successfully log on, try open notepad and Control Panel and you will be presented with Restrictions warning box...
11 - Next, back to your Domain Server and open Control Panel (remember that my Domain Server is longed in as Domain Administrator)...
12 - once you click Control Panel, you will be presented with Restrictions warning box, but I'm a Domain Administrator, why I had this Restriction??
13 - Not to worry with this error, what you need to do to solve this small issue just a simple step where as in the Group Policy Management, click Comsys Infra Standard GPO, on the right pane, under Security Filtering, click Authenticated Users and then click Remove...
14 - On the Group Policy Management box, click OK to confirm remove the Authenticated Users group...
15 - Next, still in the Security Filtering, please add Marketing and Production group so that only this 2 groups will effected with this GPO...
Orait, thats all for Part 2, wait for my Group policy Part 3...