www.kreslavsky.com

In System properties window you can various information about  Windows system .
You may wish to block it to prevent users from accessing it  and do changes.

You can easily disable access to My Computer context menu through AD Group Policy.
This solution doesn’t block access to menus, only hides it from right click. Menu  can still be accessed Windows key + Pause/Break key.

To disable it Open Group Policy Manager
Navigate to User Configuration > Policies > Administrative Templates > Desktop
Double Click on “Remove Properties from the Computer icon context menu” and change it to “Enabled”

Windows 7 Trial Download

• Leave a comment... (0)

There is no 100% foolproof  solution that blocks local admin users access the option of disjoining their computer from domain , but you can make it harder to get to system menu.

I remove the "properties" from when you right click on my computer.
Then i also remove system applet from control panel menu ,and disable registry editing.

To disable right click on my computer go to Group Policy.
Navigate to  User Configuration>Administrative templates>Desktop
Locate “Remove Properties from the My Computer context menu” and set it to “Enable”

You should check also How disable  Right Click Properties on my computer on windows 7/Vista

Than navigate to User Configuration>Administrative templates>Control PanelLocate “Hide specified Control Panel applets”Set it to “Enabled” and add Sysdm.cpl to the list of disallowed Control Panel applets.

To block Sysdm.cpl  from executing

Navigate to User Configuration>Administrative Templates>System

Navigate to “Don’t run specified Windows application” set it to “Enabled” and add Sysdm.cpl  to the list of disallowed applications

• Leave a comment... (0)

• Open Group Policy Editor:
• Link Policy to relevant OU
• Navigate to User Configuration>Administrative Templates>Start menu and taskbar.
• Edit “Prevent Changes to Taskbar and Start Menu Settings”
• Set it to enable
  
• Pres OK

Note: To enforce group policy: Navigate to Start>Run type gpupdate /force and hit Enter

• Leave a comment... (0)

Recently I installed 2 2008 terminal servers , and when I started configuring them I realized that I can’t use lot of new features that are available only via 2008 Group Policy . The network was 2003 , and adding or upgrading current DC to 2008 domain controller rises project costs ( 2008 CAL’s for entire domain ) I had to look for other solution .

Since windows 2008 GPO templates changed their format from ADM to ADMX I couldn’t import windows 2008 templates to windows 2003 DC.

So here how you solve this.

You must use Vista +sp1 Desktop

First , you need to extend your schema to 2008
The first schema updates need to be applied to the Active Directory Forest. In order to apply them you need to run the adprep application from the domain controller that holds the schema role master. To run the forest schema updates use the following command: adprep /forestprep

Once the forest updates have been updates, the next step is to run the adprep for each domain in the forest. This should be run on the domain controller that holds the Infrastructure operations master role. The command to run is: adprep /domainprep

After you finish with with schema expansion

Go to your Vista desktop.
Download RSAT tool for vista x64 and for vista x86 and install it

After instalation is completed.

• Go to Control Panel click on Program & Features
• Locate and click on Turn Windows features on or off
• Install relevant Feature Administration and Role Administration tools (For group policy install Group Policy Management Tools)

Now you can use all Windows 2008 and Vista  GPO goodies on your windows 2003 domain .

• Leave a comment... (5)