Ask the Expert

Using Group Policy to restrict a temporary user's privileges

Can I set one group policy to allow a temporary user to log on only to the computer he is given? I want the user to only use Word, Excel, Acrobat and Internet Explorer, and not access Windows Update, Yahoo or Hotmail. I am new at AD group policy making and I don't want to mess with other users.

Requires Free Membership to View

This question has a fourfold answer:

(1) First, load a workstation with the specific software you want him/her to run. Your list above is fine. You can do this manually, or via Group Policy Software Installation.
(2) To restrict a user to a specific computer, you need to be running NetBIOS. Then, in the user's Account tab, click the "Log on to" button and specify the computer you want to restrict the computer to.
(3) Users -- that is, non-administrators -- cannot go to Windows Update.
(4) To restrict users from all other Web sites, you'll need to get familiar with how to implement Internet Explorer Maintenance policies -- either via local GPOs or via Active Directory GPOs. The process is fairly detailed, but here are the steps in a nutshell: Configure a computer's IE settings to be as restrictive as you want, then use the Internet Explorer Maintenance Settings (specifically, those located in User Configuration | Windows Settings | Internet Explorer Maintenance | Security | Security Zones and Content Ratings) to import the current computer's settings. Then, the computers you apply the GPO to will embrace the same settings.

In short, you may be new to Group Policy, but you'll have to get familiar with it to do lots of tasks -- so, better get started in your knowledge!!

This was first published in February 2004

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: