lost my mind with Server 2003 user restrictions and such

30-12-2005, 02:17 AM
Got a wonderful network just set up (a Server 2003 DC, and XP Pro client). I am planning on having a LAN party and am getting more PCs to make a total of 6 clients. I want the users to be able to access the install drive for the games and such (\\server\FS1) but not the other drives (\\server\FS2). Using GPEDIT.MSC I am lost as to where I can restrict the individual users and the desktop settings; whenever I set them it always applies to the server :-( and not the one PC I am using to test at the moment.

So if I want, say, a user BRETT to access FS1 but have the desktop on the PC he is using be forced into classic mode and control panel etc. removed, how would I do this? I don't want any of the to-be-added users to have any admin rights, and does anyone know any good logon scripts I could implement (like drive mapping, or a warning message pop-up telling them a specified thing)? I read somewhere about OUs, do they relate to the users and stuff?

30-12-2005, 09:23 AM
You should have Active Directory running, though in theory a workgroup would work, but it makes share permission and group policies more complex.

Drive access is restricted by share permissions, not through group policies.

Group policies, via Active Directory, are how you restrict classic mode, control panels, etc.

Removing admin rights is a good idea, but in practice many games won't run without it.

You may consider creating a standard client and ghosting it. That way all the applications you want are already installed, and no matter what they do, you can reset it quickly.

OUs, or organizational units, are a way to organize a large Active Directory infrastructure, and would be overkill for what you're doing.

Active Directory is a very complex subject, which is why AD consultants get paid the big bucks.

30-12-2005, 11:54 AM
So how in AD would I do the restrictions? I know from fiddling that you can create a new policy instead of the default and switch importance or something (right click domain\properties\group policy). What I don't understand is how to go from creating the policies in gpedit to applying them to USERS, not every computer, as it's annoying to restrict the ctrl panel and then find that I myself am restricted from using it! Yes, a workgroup is easier but I like to do things the hard way (more knowledge). I stumbled my way through setting up the server (making wild guesses) and I think for a teenager with no qualifications I've done pretty well until now. And because a few of the participants are bringing their own PCs, they do need to install games themselves, so ghosting wouldn't work there. At school they had a system that forced classic menu upon students (I was given admin rights) and they were denied access to ctrl panel, couldn't make hardware changes, the taskbar was locked and a cmd prompt appeared when every student logged in, mapping the drives. Can I do all this? These policies at school applied to the users, as it didn't matter which PC you were on, even if you brought your own and logged in with your username.

01-01-2006, 11:03 PM
By default there is a "Default Domain Policy" and a "Default Domain Controller Policy". With the first, any changes affect clients, and with the second, the server. You can create a new policy and assign it to an OU, with users being members of the OU. I'm not going to explain how to do it, I haven't got all night. Read the help, it does explain.

02-01-2006, 12:10 AM
I think you're pushing it uphill a bit here.
Setting up Server 2003 for 6 clients is a bit like flying your helicopter to the dairy for an ice cream, absolute overkill.

It wouldn't take too long for an experienced admin to set it up, but that's because he would have spent the last dozen years or so running such setups.

I've had a fair bit of experience with Server 2000 but not much to do with 2003, although basic principles will be much the same.

As berryb says, it would take all night and some to explain how to set it up in a forum situation such as this, and it's just not practical.

If I was you I'd be hitting the MS site, reading all the help manuals and hitting all the server forums around.
Here's one I frequent when I'm stuck, it's really good.
But don't expect to get a handle on it in 10 mins, it's a complicated area of computing.
But don't give up either, it's fascinating stuff once you get into it.

My 2 cents' worth is, dump 2003 for what you are trying to achieve and use XP Pro for your server.

02-01-2006, 02:06 PM
The major difference with Windows 2003 versus other Windows versions is that most services are disabled by default. This is good for security, but gives one more hoop to jump through for newbies.