服务器 Gind.cn
  1. 服务器 Gind.cn
  3. lockingWindows Server 2012上的用户
Intereting Posts
减less已经优化的LEMP设置的加载时间(等待时间) 在慢速连接中使用ssh时,请停止快速减速和详细操作 本地内网网站打破内部DNS 如何提高具有virtio驱动程序的Win 2008 KMV guest之间的networking性能? 为什么OpenVPN会给出中间证书的“不支持的证书目的”的错误? 排除debian 6服务器重启的故障 “1-gig switch port”在协同定位方面意味着什么? 桑巴共享,写入性能 数据库(〜2TB)缓慢的MSSQL – 索引/碎片? 是否可以在服务器上运行一个小的无限循环脚本? keytool错误:证书回复不包含公钥 Samba强制权限被忽略 在第三方DNS服务器之间切换时,如何避免Lame DNS或其他问题? 在云上发布跟踪器? Hyper-Vnetworking启动传统networking

lockingWindows Server 2012上的用户

我在Windows Server 2012的服务器机器上设置了一个Active Directory ,我想创build一些像Windows Steady State一样在Windows XP (本地)中有限制的用户。

已经看过Windows SteadyState HandbookWindows Server 2008 ),但是我想知道是否有人曾经尝试过这个,限制如下: 

 1. Prevent locked or roaming user profiles that cannot be found on the computer from logging on 2. Do not cache copies of locked or roaming user profiles for users who have previously logged on to this computer 3. Do not allow Windows to compute and store passwords using LAN Manager Hash values 4. Do not store usernames or passwords used to log on to the Windows Live ID or the domain 5. Prevent users from creating folders and files on drive C:\ 6. Lock profile to prevent the user from making permanent changes 7. Remove the Control Panel, Printer and Network Settings from the Classic Start menu 8. Remove the Favorites icon 9. Remove the My Network Places icon 10. Remove the Frequently Used Program list 11. Remove the Shared documents folder from My Computer 12. Remove control Panel icon 13. Remove the Set Program Access and Defaults icon 14. Remove the Network Connection(Connect To)icon 15. Remove the Printers and Faxes icon 16. Remove the Run icon 17. Prevent access to Windows Explorer features: Folder Options, Customize Toolbar, and the Notification Area 18. Prevent access to the taskbar 19. Prevent access to the command prompt 20. Prevent access to the registry editor 21. Prevent access to the Task Manager 22. Prevent access to Microsoft Management Console utilities 23. Prevent users from adding or removing printers 24. Prevent users from locking the computer 25. Prevent password changes (also requires the Control Panel icon to be removed) 26. Disable System Tools and other management programs 27. Prevent users from saving files to the desktop 28. Hide A Drive 29. Hide B Drive 30. Hide C Drive 31. Prevent changes to Internet Explorer registry settings 32. Empty the Temporary Internet Files folder when Internet Explorer is closed 33. Remove Internet Options 34. Remove General tab in Internet Options 35. Remove Security tab in Internet Options 36. Remove Privacy tab in Internet Options 37. Remove Content tab in Internet Options 38. Remove Connections tab in Internet Options 39. Remove Programs tab in Internet Options 40. Remove Advanced tab in Internet Options 41. Set a home page (Internet Explorer) 42. Restrict the possibility to change desktop image 43. Restrict the possibility to change wallpaper 44. Restrict usb flash drives

对此有何build议?

更新2:

我会为能够帮助我的人提供50分的奖励

更新:

正如@丹build议我,我想指出,这将适用于一个教育的情况下,学生可以从电脑login,并希望添加一些限制。

根据对列表的粗略回顾,您应该能够使用组策略pipe理所有这些设置。 为计算机设置创build一个GPO,为用户设置创build另一个GPO,并将它们链接到相应的Container或OU。 您可以在每个GPO中使用安全筛选将每个GPO应用于特定用户和计算机。