Simple Guide Creating & Configure GPO in Windows Server 2012 R2 - Part 2

Updated: Aug 1, 2019

Hi all,


In my part 2 of GPO, lets go through how to create & configure a very basic GPO, for those who missed out my part 1 of GPO configuration, please refer to this link : https://mizitechinfo.wordpress.com/2013/08/06/simple-guide-implementing-group-policy-in-windows-server-2012-r2/


As usual, I used my existing infra for this demo which DC01.comsys.local and my Windows 8 Client (Surface01)...


For this demo objective, I'm going to restrict access to control panel, and restrict few apps such as Notepad.exe and Calc.exe my Marketing & Production users.


Lets get started...

1 - As usual on the domain server, create a new GPO, in my case my new GPO will be Comsys Infra Standard...

2 - Next, right click Comsys Infra Standard GPO and click Edit...

3 - Next, on the Group Policy Management Editor, expand User Configuration, Policies, and Administrative Templates, and then click System, next double click Don’t run specified Windows applications, click Enabled and click Show...

4 - In the Show Contents box, in the Value list, type notepad.exe, Calc.exe and Paint.exe and then click OK...


5 - Next, click Control Panel, on the right pane, double click Prohibit access to Control Panel and PC Settings, then click Enabled and click OK...

6 - Next, lets Link the Comsys Infra Standard GPO to our domain, right click Comsys.local and click Link an Existing GPO...

7 - On the Select GPO box, under Group Policy Object, click Comsys Infra Standard and then click OK to proceed...

8 - Next, you can open CMD and type gpupdate /boot /force...

9 - Next, log in to your Windows client PC, in my case my Windows 8 Client and I log in as my domain user (either your Marketing @ Production users...

10 - once you successfully log on, try open notepad and Control Panel and you will be presented with Restrictions warning box...

11 - Next, back to your Domain Server and open Control Panel (remember that my Domain Server is longed in as Domain Administrator)...

12 - once you click Control Panel, you will be presented with Restrictions warning box, but I'm a Domain Administrator, why I had this Restriction??

13 - Not to worry with this error, what you need to do to solve this small issue just a simple step where as in the Group Policy Management, click Comsys Infra Standard GPO, on the right pane, under Security Filtering, click Authenticated Users and then click Remove...

14 - On the Group Policy Management box, click OK to confirm remove the Authenticated Users group...

15 - Next, still in the Security Filtering, please add Marketing and Production group so that only this 2 groups will effected with this GPO...

Orait, thats all for Part 2, wait for my Group policy Part 3...



Contact Us

Our Office :

OSI TECHNOLOGY SDN BHD

16-1 Jalan Opera D U2/D,

Taman TTDI Jaya,

40150 Shah Alam,

Selangor Darul Ehsan

Tel : 603 7846 3080

Fax : 603 7848 3180

Email : info_osi@osi.com.my

Training Centre & Exam Centre : 

OSI TECHNOLOGY SDN BHD

20-1 Jalan Opera G U2/G,

Taman TTDI Jaya,

40150 Shah Alam,

Selangor Darul Ehsan