Q

How can I use a GPO to manage Windows user rights?

There are several ways to manage Windows user rights. Learn how to manage these rights with GPOs and NTFS permission settings.

How can I prevent my users from accessing "system properties" with an Active Directory Group Policy Object (GPO)?
There are various options to accomplish your goal. In Group Policy, you can set the option to prevent access to any control panel applet, which would include the system properties. You would do this within User Configuration > Administrative Templates > Control Panel, and then enable the option to Prohibit Access to the Control Panel.

If that option is too restrictive, however, you can set NTFS permissions just on the control panel applet (sysdm.cpl) by creating a GPO with settings at Computer Configuration > Windows Settings > Security Settings > File System. Right click on File System, select Add File, and then browse to c:windowssystem32sysdm.cpl. Set the permissions to deny read access for the desired users, and then make certain that you apply the GPO to the...

appropriate OU.

This was first published in February 2008

Dig deeper on User passwords and network permissions

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchVirtualDesktop

SearchWindowsServer

SearchExchange

Close