Few Issues and Workarounds needed

Home Forums Microsoft Networking and Management Services GPO Few Issues and Workarounds needed

Viewing 1 post (of 1 total)
  • Author
  • Avatar

    Well, I’m here to get help from you guys..!! I’m a technology passionate kinda person and I somehow got interested into learning the powers of Active Directory & GPO.

    I’ve been successful in Setting up a Windows 2003 Server with AD, DNS and DHCP Server. I know Windows does 90% of the job by itself. But still many people get scared when working around with them :).

    Well I’ve a network of 10 PC’s all running Windows 2000 and they will grow in time.. So I was planning to make everything automated. I’ve also applied GPO’s to all the 10 PC’s.

    All PC’s have 40 GB HDD, they are using their own space for storing documents/files and etc.

    Problem 1:

    I want to block System Drive i.e. C: Drive, but making sure they have access to MyDocuments. Because I’ve tested that when you block access to C Drive from GPO; you cannot access MyDocuments, even a new folder created by you on desktop.

    So I was thinking it could be done like.. Changing the profile path to D: Drive, but that would require some kind of scripting .. and I’m really dumb at it. Scripting scares me. Any Suggestions ??

    Problem 2:

    I had managed to disable all the Hardware addition, probably.. Because they are simple users, so they don’t have any access to add new hardware. But when I insert a pen drive / flash / usb drive, I can get access to it. So the users will easily be able to read/write the pen drive.

    Either I can block all the Drives using GPO, but then My Documents is also not accessible..!! Or if there’s a way that users can only read from USB but not write or the best.. Block USB ..!! Any suggestions ??

    Problem 3:

    While I was setting up GPO’s I realized that – If a user has a successful login onto a particular system and then on “one not so” fine day the DC or the Network goes down & then the user tries to Log-In.. he actually can.. because the OS Caches the username and passwords, I think..!!

    So, what could be the solution to this..!! If we want users should be able to log-in only if the DC is available…!! Any Suggestions ??

    Any kind of help will be appreciated. You can give me links.. some reading material or any damn thing that would help me :) I would like it.

    Thank you all..!!

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.