If that option is too restrictive, however, you can set NTFS permissions just on the control panel applet (sysdm.cpl)...
by creating a GPO with settings at Computer Configuration > Windows Settings > Security Settings > File System. Right click on File System, select Add File, and then browse to c:windowssystem32sysdm.cpl. Set the permissions to deny read access for the desired users, and then make certain that you apply the GPO to the appropriate OU.
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.