Wednesday, 6 February 2013

Windows 2003 Server Domain & Group Policy Configutaion Overview

Installing and setting up Windows Server 2003:


Minimum System Requirements
Processor: 400MHz
RAM: 128 MB
Hard drive: 2 GB
Resolution: 800x600 / Higher


Installation:
  • Insert windows 2003 server CD into your CD/DVD Drive.
  • Run through the installer, it's almost exactly the same as a Windows XP instal
  • On your first login you'll be prompted to update and to configure automatic updates
LAN Settings:
Before moving to active directory creation LAN IP address should be assign as static ip address. ie: 192.168.1.1 etc.,

Active Directory:
  1. To give you server roles, go to Start > Manage Your Server. 
  • You'll then be presented with the Server management page.
  • Click "Add or remove a roll". You're going to see a box come up with a list of all the roles that you can assign, there are 12 in total. 
  • Select "Domain Controller (Active Directory)" and click next.it shows "Run the Active Directory Installation Wizard to set up this server as a domain controller."
  • Next all of that until you get to "Domain Controller Type"
(or)
Goto Run > type "DCPROMO" > Press Enter.
Domain in a new forest
Select this option if this is the first domain in your organisation of if you want the new domain to be completely independent of your current forest.
Full DNS name for the new domain: dop
Domain NetBIOS name: dopserver
Database and Log Folders: Default locations
Shared System Volume: Default Location
then follow the installer configuration.
Restart Now.
When you reboot you should receive a nice message. "This Server is Now a Domain Controller"
Creating Users and Groups:
  • Start > All Programs > Administrative tools > Active Directory Users and Computers.
  • Within your domain, mine being "dop" right click and create a new "Organization Unit". This is where we're storing our groups and users.In an organisation you will have multiple departments, it is wise to create groups for each department for this example i am creating a Managers group.
  • Within your new Managers Organization Unit, create a new group. You can do this by right clicking then New or by clicking the icon on the task bar .
I named my group Managers.
Group scope: dopscope
Group type: Security
Still inside your organizational unit, create a new user.
Add the user to the group.
Right click the group, then go to Properties then the members tab.
Group Policy:

  1. Start > All Programs > Administrative tools > Active Directory Users and Computers
  2. Right click the Organizational unit that you created then click Properties.
  3. Under the Group Policy tab, click New.
  4. To edit, enabled or disabled group poilcy objects click the edit button and it'll bring up a new window.
Enable the following settings:

1) User Configuration > Administrative Templates > Windows Components > Windows Explorer
a) Remove Map Network Drive and Disconnect Network Drive
Prevents users from using Windows Explorer or My Network Places to map or disconnect network drives.
b) Hide these specified drives in My Computer (I enabled for C only)
Removes the icons representing selected hard drives from My Computer and Windows Explorer. Also, the drive letters representing the selected drives do not appear in the standard Open dialog box.
c) Prevent access to drives from My Computer
If you enable this setting, users can browse the directory structure of the selected drives in My Computer or Windows Explorer, but they cannot open folders and access the contents. Also, they cannot use the Run dialog box or the Map Network Drive dialog box to view the directories on these drives.
2) User Configuration > Administrative Templates > Windows Components > Internet Explorer
a) Disable changing home page settings
Prevents users from changing the home page of the browser. The home page is the first page that appears when users start the browser.
3) User Configuration > Administrative Templates > Start Menu and Taskbar
a) Remove Search menu from Start Menu
Removes the Search item from the Start menu, and disables some Windows Explorer search elements.
b) Remove Help menu from Start Menu
Removes the Help command from the Start menu.
c) Remove Run menu from Start Menu
Allows you to remove the Run command from the Start menu, Internet Explorer, and Task Manager.
d) Lock the Taskbar
If you enable this setting, it prevents the user from moving or resizing the taskbar.
4) User Configuration > Administrative Templates > Control Panel
a) Prohibit access to the Control Panel
This setting prevents Control.exe, the program file for Control Panel, from starting. As a result, users cannot start Control Panel or run any Control Panel items.
5) User Configuration > Administrative Templates > Control Panel > Display
a) Prevent changing wallpaper
Prevents users from adding or changing the background design of the desktop.
6) User Configuration > Administrative Templates > System > Ctrl+Alt+Del Options
a) Remove Task Manager
Prevents users from starting Task Manager (Taskmgr.exe)
7) User Configuration > Administrative Templates > Control Panel > Desktop
a) Prohibit user from changing My Documents path
Prevents users from changing the path to the My Documents folder.
8) User Configuration > Administrative Templates > Control Panel > System
a) Prevent access to the command prompt
Disable the command prompt script processing also? No
Prevents users from running the interactive command prompt, Cmd.exe. This setting also determines whether batch files (.cmd and .bat) can run on the computer.
b) Prevent access to the registry editing tools
Disable regedit from running silently? Yes
Disables the Windows registry editor Regedit.exe.
Courtesy : http://potools.blogspot.in

0 comments:

Post a Comment