This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revision | |||
windows:windowsserver:activedirectory:gpo [2017/12/08 17:08] – created lunetikk | windows:windowsserver:activedirectory:gpo [2017/12/08 17:08] (current) – lunetikk | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | __false__ | + | ===== GPO ===== |
+ | I chose some policies just for a test: | ||
+ | - Group1 gets a red background | ||
+ | - Group2 has no rights to select " | ||
+ | - Group3 is the only group with remotedesktoprights | ||
+ | - Group4 has %%www.google.com%% for the startingpage (Internet Explorer) | ||
+ | - Group5 will be connected to a network share which will be opened automatically. | ||
+ | |||
+ | - All will have a disabled firewall and when they login or out their profiles will be synchronized. | ||
+ | |||
+ | ==== Set Group Policies ==== | ||
+ | |||
+ | To set the red backgroundcolor I created a new share with the name wallpaper$. The " | ||
+ | You can only reach it when you open it directly. In the directory you have to add a picture with a single red dot named " | ||
+ | In GroupPolicyAdministration under OU " | ||
+ | Under Userconfiguration -> Policies -> Administrative Templates -> Desktop you have to activate " | ||
+ | In Desktopbackground you have to set the UNC-PATH %%\\dc\wallpaper$\red.jpg%% and as style " | ||
+ | |||
+ | Back in the GroupPolicyAdministration you add an OU for " | ||
+ | In " | ||
+ | |||
+ | Next step you add a Policy for the " | ||
+ | |||
+ | To change the startpage of the browser for " | ||
+ | |||
+ | For adding the share you have to write a small script. Just open a .txt file and add the following: | ||
+ | |||
+ | <code batch netuse.bat> | ||
+ | net use v: \\dc \vw-share / | ||
+ | start explorer.exe " | ||
+ | </ | ||
+ | |||
+ | Save this file as *.bat or *.cmd. Add a policy and under Userconfiguration -> Policies -> Windows-Options -> Scripts -> Login click on add and browse. | ||
+ | Move the script to the defined folder (User-Scripts-Logon) and add. | ||
+ | |||
+ | To deactivate the firewall you need another script. Just as before open a .txtfile and add: | ||
+ | |||
+ | <code batch firewall.bat> | ||
+ | net stop " | ||
+ | </ | ||
+ | |||
+ | You have to add a policy under " | ||
+ | Additionally you have to disable the service " | ||
+ | |||
+ | At last you realise the profile synchronization. To do this you need another " | ||
+ | Rightclick -> Options -> tab Enabling | ||
+ | Now you have to edit the users once again. Rightclick an user, open Options and tab Profile. Add as Profilepath %%" | ||
+ | This way you dont need to add the username manually. | ||
+ | |||
+ | |||
+ | |||
+ | => |