Q

Using Group Policy to restrict a temporary user's privileges

Can I set one group policy to allow a temporary user to log on only to the computer he is given? I want the user to only use Word, Excel, Acrobat and Internet Explorer, and not access Windows Update, Yahoo or Hotmail. I am new at AD group policy making and I don't want to mess with other users.
This question has a fourfold answer:

(1) First, load a workstation with the specific software you want him/her to run. Your list above is fine. You can do this manually, or via Group Policy Software Installation.
(2) To restrict a user to a specific computer, you need to be running NetBIOS. Then, in the user's Account tab, click the "Log on to" button and specify the computer you want to restrict the computer to.
(3) Users -- that is, non-administrators -- cannot go to Windows Update.
(4) To restrict users from all other Web sites, you'll need to get familiar with how to implement Internet Explorer Maintenance policies -- either via local GPOs or via Active Directory GPOs. The process is fairly detailed, but here are the steps in a nutshell: Configure a computer's IE settings to be as restrictive as you want, then use the Internet Explorer Maintenance Settings (specifically, those located in User Configuration | Windows Settings | Internet Explorer Maintenance | Security | Security Zones and Content Ratings) to import the current computer's settings. Then, the computers you apply the GPO to will embrace the same settings.

In short, you may be new to Group Policy, but you'll have to get familiar with it to do lots of tasks -- so, better get started in your knowledge!!
This was first published in February 2004
This Content Component encountered an error

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close