Deny access to Windows system properties with GPOs

Windows networking security expert Brad Dinerman tells you how to prevent your users from accessing and altering unwanted settings and properties using Group Policy Objects (GPOs).

Question: How can I prevent my users from accessing system properties with an Active Directory Group Policy Object...

(GPO)?

Brad Dinerman's answer: There are various options to accomplish your goal. In Group Policy, you can set the option to prevent access to any control panel applet, which would include the system properties. You would do this within User Configuration > Administrative Templates > Control Panel, and then enable the option to Prohibit Access to the Control Panel.

If that option is too restrictive, however, you can set NTFS permissions just on the control panel applet (sysdm.cpl) by creating a GPO with settings at Computer Configuration > Windows Settings > Security Settings > File System. Right click on File System, select Add File, and then browse to c:windowssystem32sysdm.cpl. Set the permissions to deny read access for the desired users and then make certain that you apply the GPO to the appropriate OU.

 

This was first published in February 2008

Dig Deeper on Microsoft Group Policy Management

PRO+

Content

Find more PRO+ content and other member only offers, here.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

  • VDI assessment guide

    Wait! Don't implement VDI technology until you know your goals and needs. A VDI assessment should consider the benefits of a VDI ...

  • Guide to calculating ROI from VDI

    Calculating ROI from VDI requires a solid VDI cost analysis. Consider ROI calculation models, storage costs and more to determine...

  • Keep the cost of VDI storage under control

    Layering, persona management tools and flash arrays help keep virtual desktop users happy and VDI storage costs down.

Close