How to Prohibit Access to Control Panel for Domain Users in Server 2012:
What is Group Policy?
Group Policy is an infrastructure that enables you to specify managed configurations for users and computers through Group Policy settings and Group Policy Preferences. For Group Policy settings that affect only a local computer or user, you can use the Local Group Policy Editor and for Active Directory Domain Services (AD DS) environment you can use Group Policy Management Console (GPMC). But now I want to show you how easy you as a Server Administrator to prevent any malicious things happen to your client’s machine through Group Policy.
Group policy can do hundreds of configuration but for this Blog Post, I just wanted to share how to prevent access to Control Panel in Windows 8 by using AD Group Policy so that you can deploy to hundreds of machine available in you’re infra.
Let’s get started:
1 – On your Server 2012, open Group Policy Management look for Group Policy Objects.
2 – Next, right click Group Policy Objects and click New.. in the New GPO box, you can key in any GP name you prefer, for this demo I use CPX Control Panel Policies.
3 – Then you have to right click the new GPO ( CPX Control Panel Policies) you just created and click Edit..
4 – on the Group Policy Management Editor, scroll to User Configuration, Policies, Administrative Templates , Control Panel.. and on the right pane, you will see setting call Prohibit access to Control Panel and PC setting and double click on that setting.
5 – on the Prohibit access to Control Panel and PC setting box, Click Enabled so that you will disable all Control Panel function and then click OK..
6 – once you click OK, right click on the desire OU that you want this particular setting to be affected and click Link an Existing GPO… For this demo, I choose my Sales OU (so that all users in Sales OU couldn’t open their Windows Control Panel).
7 – on the Select GPO box, choose CPX Control Panel Policies and click OK.
8 – now you can verify that under Sales OU, there is CPX Control Panel Policies attached.
9 – next, log in as a Sales user in Windows 8 client system (for this demo I use Dan as my user, Dan is Sales user).
10 – once you successfully log in to Windows 8 client, open Command Prompt and type gpupdate /force to retrieve and update the policy from Domain.
11 – Next, on Windows 8 try open Control Panel and you will get an Restrictions warning..