Setting policies and privileges in Windows

sram

Hi guys.

I understand that in a domain network, one can easily have centralized control over all clients using the server (set group policies, prevent users from doing certain things, etc.). But if I'm in a workgroup network and I only want the users to work in their corresponding applications and not make any changes to the system or be able to modify settings, etc., what is the best way to do that?

Can user accounts in Control Panel fulfill this role perfectly? For example, I'll create a user account for each machine and there will be an admin account of course. The operator or the employee will access Windows through the user account to do his work. The admin account will be used to do all setups and installs, and its password will not be given to anybody except the real network administrator.

I don't want standard normal users to be able to use removable storage. And I also don't want them to install or uninstall programs or delete certain files. These are the kind of things I don't want users to alter or mess with. So, can it be done this way?

The OS I will be using will be either Windows 8 or 7. Also, does the Windows edition matter here? Pro vs. Ultimate vs. Home Premium, etc.?

Thanks.
 
You can edit the local group policy; you just need to do it on every PC (e.g. to disable removable storage) or figure out a way to copy it to other machines (pretty sure you can do this through the registry).

Perhaps you can set up a Samba 4 server and switch over to a domain.

You want software restriction policies as well, since e.g. Google Chrome does some shady stuff to allow users to install the browser without admin rights (some of our users have tried this; I assume they were trying to bypass internet filtering).
 
Why use Samba 4? If I want to set up a domain network, I can just do that by installing Windows Server on one of the machines and make it the server and make the rest clients. Or is there a benefit in using Samba 4? The reason I'm not doing a domain network is because I don't have enough knowledge to do it. Does Samba 4 make it easier? I need to set up the network in three days' time and I don't think that's enough to learn everything there is about setting up a domain network.
 
Benefit of Samba4 is no OS license cost and no CAL cost

I see. But how would you describe the learning curve of Samba 4?

And by the way (this might be a stupid question), if you are using a router with some ports, IP addresses will be assigned automatically by its DHCP server and the default gateway address will be the router's address, but in the case of using an unmanaged switch, how are IP addresses assigned? Manually for each client? I'm asking because I haven't set up a workgroup before with only a switch.

Thanks.
 
Thanks for your post, I'm now watching this:

http://technet.microsoft.com/en-us/itmanagement/ff765027.aspx


Very nice, and it will walk anybody through doing it correctly.

I take it that you can do many things under Administrative Tools > Local Security Policy even if you don't have a domain network, right guys?

Thanks.

Can somebody please confirm what I said in the statement above in red?

It will also be nice if you can shed some light on my question about switches in my previous post.

Many thanks.
 
Yes, you can edit the local security policy of every machine to make changes if you don't have a domain.
I *think* you can export the settings and import them as well to other machines.
 
I see. But how would you describe the learning curve of Samba 4?

I find setting up Windows AD to be super-easy. I mean, literally you run dcpromo.exe, answer a few questions, click Next a few times and you are good to go. Install your GPO tools if they aren't working, add some users and computers and then create your policy.

I'm going to say that Samba4 would be much harder. I wouldn't do it if I needed to have group policy running on it in 3 days. The benefit would be the licensing costs.
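
The approach suggested in the replies (set local policy on one PC, export it, import it on the others, and disable removable storage through the registry) can be scripted as below. This is an added example, not part of the original thread; the `-Mode` parameter and the template path are assumptions made for illustration, and only the security-policy area is copied because user-rights entries can reference machine-specific accounts.

```powershell
# Added example: copy a reference PC's local security policy to workgroup PCs.
# The template path is a hypothetical placeholder; run from an elevated prompt.
param(
    [ValidateSet('Export', 'Apply')]
    [string]$Mode = 'Export',
    [string]$Template = 'C:\PolicyBaseline\baseline.inf'
)

$ErrorActionPreference = 'Stop'

# secedit and writes under HKLM both need administrator rights.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated (administrator) prompt.'
}

if ($Mode -eq 'Export') {
    # On the reference machine: dump account, audit and security options to an INF.
    New-Item -ItemType Directory -Force -Path (Split-Path $Template) | Out-Null
    secedit /export /cfg $Template /areas SECURITYPOLICY
    if ($LASTEXITCODE -ne 0) { throw "secedit export failed ($LASTEXITCODE)" }
    return
}

# On each target machine: load the template into a scratch database and apply it.
$db = Join-Path $env:TEMP 'baseline.sdb'
secedit /configure /db $db /cfg $Template /areas SECURITYPOLICY /overwrite /quiet
if ($LASTEXITCODE -ne 0) { throw "secedit configure failed ($LASTEXITCODE)" }

# Registry value behind the policy "All Removable Storage classes: Deny all access".
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'
if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
New-ItemProperty -Path $key -Name 'Deny_All' -PropertyType DWord -Value 1 -Force | Out-Null

# Confirm the value was written before reporting success.
if ((Get-ItemProperty -Path $key -Name 'Deny_All').Deny_All -ne 1) {
    throw 'Removable storage restriction was not written.'
}
Write-Output "Baseline applied on $env:COMPUTERNAME; restart to make sure it is enforced."
```

Run it once with `-Mode Export` on the configured reference PC, copy the INF file to each other machine, then run it there with `-Mode Apply`.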
 